From 788d17e4ae6bc0f1163c92492ae49c1d2527c8e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Mon, 13 May 2024 16:00:37 +0200
Subject: [PATCH] [UPD] add existing OCA modules
---
.gitlab-ci.yml | 26 +-
17.0.Dockerfile | 78 +++---
entrypoint-scratch.sh | 87 -------
security_analysis16.txt | 522 ----------------------------------------
4 files changed, 52 insertions(+), 661 deletions(-)
delete mode 100755 entrypoint-scratch.sh
delete mode 100644 security_analysis16.txt
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 05f8e10..ef66396 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
-image: docker:24
+image: docker:26
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
@@ -15,10 +15,10 @@ container_scanning:
CS_DOCKERFILE_PATH: "$CI_COMMIT_BRANCH.Dockerfile"
GIT_STRATEGY: fetch
docker-build-10.0:
- image: docker:24
+ image: docker:26
stage: build
services:
- - docker:24-dind
+ - docker:26-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -27,10 +27,10 @@ docker-build-10.0:
only:
- '10.0'
docker-build-12.0:
- image: docker:24
+ image: docker:26
stage: build
services:
- - docker:24-dind
+ - docker:26-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -44,10 +44,10 @@ docker-build-12.0:
only:
- '12.0'
docker-build-14.0:
- image: docker:24
+ image: docker:26
stage: build
services:
- - docker:24-dind
+ - docker:26-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -56,10 +56,10 @@ docker-build-14.0:
only:
- '14.0'
docker-build-16.0:
- image: docker:24
+ image: docker:26
stage: build
services:
- - docker:24-dind
+ - docker:26-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -68,10 +68,10 @@ docker-build-16.0:
only:
- '16.0'
# docker-build-16.0-scratch:
-# image: docker:24
+# image: docker:26
# stage: build
# services:
-# - docker:24-dind
+# - docker:26-dind
# before_script:
# - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
# script:
@@ -81,10 +81,10 @@ docker-build-16.0:
# only:
# - '16.0'
docker-build-17.0:
- image: docker:24
+ image: docker:26
stage: build
services:
- - docker:24-dind
+ - docker:26-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
diff --git a/17.0.Dockerfile b/17.0.Dockerfile
index ab29c16..713b0ff 100644
--- a/17.0.Dockerfile
+++ b/17.0.Dockerfile
@@ -47,37 +47,37 @@ RUN set -x; \
chown -R odoo:odoo /opt/odoo
# Install Odoo OCA default dependencies - Commented modules do not exist yet
-# RUN set -x; \
-# mkdir -p /tmp/oca-repos/ &&\
-# curl -L https://github.com/OCA/account-financial-tools/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="account-financial-tools" --strip-components 1 &&\
-# mv /tmp/oca-repos/account-financial-tools/account_lock_date_update \
-# /tmp/oca-repos/account-financial-tools/account_move_name_sequence \
+RUN set -x; \
+ mkdir -p /tmp/oca-repos/ &&\
+ curl -L https://github.com/OCA/account-financial-tools/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="account-financial-tools" --strip-components 1 &&\
+ mv /tmp/oca-repos/account-financial-tools/account_lock_date_update \
+ /tmp/oca-repos/account-financial-tools/account_move_name_sequence \
# /tmp/oca-repos/account-financial-tools/account_reconcile_show_boolean \
-# /tmp/oca-repos/account-financial-tools/account_usability \
-# /opt/odoo/additional_addons/ &&\
-# https://github.com/OCA/account-invoicing/pull/1419
+ /tmp/oca-repos/account-financial-tools/account_usability \
+ /opt/odoo/additional_addons/ &&\
+## https://github.com/OCA/account-invoicing/pull/1713
# curl -L https://github.com/OCA/account-invoicing/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="account-invoicing" --strip-components 1 &&\
# mv /tmp/oca-repos/account-invoicing/sale_timesheet_invoice_description \
# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/account-reconcile/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="account-reconcile" --strip-components 1 &&\
-# mv /tmp/oca-repos/account-reconcile/account_statement_base \
-# /tmp/oca-repos/account-reconcile/account_reconcile_oca \
-# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/bank-statement-import/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="bank-statement-import" --strip-components 1 &&\
-# mv /tmp/oca-repos/bank-statement-import/account_statement_import_base \
+ curl -L https://github.com/OCA/account-reconcile/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="account-reconcile" --strip-components 1 &&\
+ mv /tmp/oca-repos/account-reconcile/account_statement_base \
+ /tmp/oca-repos/account-reconcile/account_reconcile_oca \
+ /opt/odoo/additional_addons/ &&\
+ curl -L https://github.com/OCA/bank-statement-import/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="bank-statement-import" --strip-components 1 &&\
+ mv /tmp/oca-repos/bank-statement-import/account_statement_import_base \
# /tmp/oca-repos/bank-statement-import/account_statement_import_file \
# /tmp/oca-repos/bank-statement-import/account_statement_import_ofx \
-# /opt/odoo/additional_addons/ &&\
+ /opt/odoo/additional_addons/ &&\
# curl -L https://github.com/OCA/crm/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="crm" --strip-components 1 &&\
# mv /tmp/oca-repos/crm/crm_stage_probability /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/l10n-france/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="l10n-france" --strip-components 1 &&\
-# mv /tmp/oca-repos/l10n-france/l10n_fr_siret \
+ curl -L https://github.com/OCA/l10n-france/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="l10n-france" --strip-components 1 &&\
+ mv /tmp/oca-repos/l10n-france/l10n_fr_siret \
# /tmp/oca-repos/l10n-france/l10n_fr_siret_lookup \
-# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/partner-contact/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="partner-contact" --strip-components 1 &&\
+ /opt/odoo/additional_addons/ &&\
+ curl -L https://github.com/OCA/partner-contact/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="partner-contact" --strip-components 1 &&\
# mv /tmp/oca-repos/partner-contact/partner_disable_gravatar \
-# /tmp/oca-repos/partner-contact/partner_firstname \
-# /opt/odoo/additional_addons/ &&\
+ mv /tmp/oca-repos/partner-contact/partner_firstname \
+ /opt/odoo/additional_addons/ &&\
# curl -L https://github.com/OCA/project/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="project" --strip-components 1 &&\
# mv /tmp/oca-repos/project/project_task_default_stage \
# /tmp/oca-repos/project/project_template \
@@ -90,27 +90,27 @@ RUN set -x; \
# /tmp/oca-repos/server-brand/portal_odoo_debranding \
# /tmp/oca-repos/server-brand/remove_odoo_enterprise \
# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/server-tools/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="server-tools" --strip-components 1 &&\
-# mv /tmp/oca-repos/server-tools/base_view_inheritance_extension \
-# /tmp/oca-repos/server-tools/module_change_auto_install \
-# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/server-ux/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="server-ux" --strip-components 1 &&\
-# mv /tmp/oca-repos/server-ux/server_action_mass_edit \
-# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/social/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="social" --strip-components 1 &&\
-# mv /tmp/oca-repos/social/mail_debrand \
+ curl -L https://github.com/OCA/server-tools/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="server-tools" --strip-components 1 &&\
+ mv /tmp/oca-repos/server-tools/base_view_inheritance_extension \
+ /tmp/oca-repos/server-tools/module_change_auto_install \
+ /opt/odoo/additional_addons/ &&\
+ curl -L https://github.com/OCA/server-ux/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="server-ux" --strip-components 1 &&\
+ mv /tmp/oca-repos/server-ux/server_action_mass_edit \
+ /opt/odoo/additional_addons/ &&\
+ curl -L https://github.com/OCA/social/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="social" --strip-components 1 &&\
+ mv /tmp/oca-repos/social/mail_debrand \
# /tmp/oca-repos/social/mail_tracking \
-# /opt/odoo/additional_addons/ &&\
-# curl -L https://github.com/OCA/web/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="web" --strip-components 1 &&\
+ /opt/odoo/additional_addons/ &&\
+ curl -L https://github.com/OCA/web/tarball/17.0 | tar -xzC /tmp/oca-repos/ --one-top-level="web" --strip-components 1 &&\
# mv /tmp/oca-repos/web/web_chatter_position \
-# /tmp/oca-repos/web/web_environment_ribbon \
-# /tmp/oca-repos/web/web_refresher \
-# /tmp/oca-repos/web/web_responsive \
-# /tmp/oca-repos/web/web_no_bubble \
+ mv /tmp/oca-repos/web/web_environment_ribbon \
+ /tmp/oca-repos/web/web_refresher \
+ /tmp/oca-repos/web/web_responsive \
+ /tmp/oca-repos/web/web_no_bubble \
# /tmp/oca-repos/web/web_theme_classic \
-# /opt/odoo/additional_addons/ &&\
-# rm -rf /tmp/oca-repos/ &&\
-# find /opt/odoo/additional_addons/*/i18n/ -type f -not -name 'fr.po' -delete &&\
+ /opt/odoo/additional_addons/ &&\
+ rm -rf /tmp/oca-repos/ &&\
+ find /opt/odoo/additional_addons/*/i18n/ -type f -not -name 'fr.po' -delete &&\
# # Install Le Filament default dependency
# git clone -b 17.0 --depth 1 https://sources.le-filament.com/lefilament/remove_login_links.git /opt/odoo/private_addons/remove_login_links &&\
# git clone -b 17.0 --depth 1 https://sources.le-filament.com/lefilament/lefilament_release_agent.git /opt/odoo/private_addons/lefilament_release_agent &&\
diff --git a/entrypoint-scratch.sh b/entrypoint-scratch.sh
deleted file mode 100755
index d11e0b4..0000000
--- a/entrypoint-scratch.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/sh
-
-# set the postgres database host, port, user and password according to the environment
-# and pass them as arguments to the odoo process if not present in the config file
-: ${HOST:=${DB_PORT_5432_TCP_ADDR:='db'}}
-: ${PORT:=${DB_PORT_5432_TCP_PORT:=5432}}
-: ${USER:=${DB_ENV_POSTGRES_USER:=${POSTGRES_USER:='odoo'}}}
-: ${PASSWORD:=${DB_ENV_POSTGRES_PASSWORD:=${POSTGRES_PASSWORD:='odoo'}}}
-
-check_config() {
- param="$1"
- value="$2"
- if ! grep -q -E "^\s*\b${param}\b\s*=" /opt/odoo/etc/odoo.conf ; then
- DB_ARGS="${DB_ARGS} --${param} ${value}"
- fi;
-}
-
-unaccent_db() {
- /usr/bin/python3 -c "import psycopg2
-
-try:
- conn = psycopg2.connect(database='postgres', user='${USER}', password='${PASSWORD}', host='${HOST}', port='${PORT}')
-except:
- print('err: init: fail to connect to database')
- exit(11)
-
-cur = conn.cursor()
-try:
- cur.execute(\"SELECT datname FROM pg_database WHERE datname='${PGDATABASE}'\")
-except:
- print('err: init: fail to execute request')
- cur.close()
- conn.close()
- exit(12)
-
-if not cur.fetchall():
- cur.close()
- conn.close()
- exit(1)
-
-try:
- cur.execute('CREATE EXTENSION IF NOT EXISTS unaccent')
-except:
- print('err: init: fail to execute request')
- cur.close()
- conn.close()
- exit(13)
-
-conn.commit()
-cur.close()
-conn.close()
-exit(0)"
-
- return $?
-}
-
-DB_ARGS=''
-check_config "db_host" "$HOST"
-check_config "db_port" "$PORT"
-check_config "db_user" "$USER"
-check_config "db_password" "$PASSWORD"
-
-unaccent_db
-return_code=$?
-[ "$return_code" -gt 10 ] && exit 1
-if [ "$return_code" == 1 ]; then
- echo "info: init: database $PGDATABASE does not exist"
- DB_ARGS="${DB_ARGS} --load-language fr_FR"
-fi
-
-case "$1" in
- -- | odoo)
- shift
- if [[ "$1" == "scaffold" ]] ; then
- exec /opt/odoo/odoo/odoo-bin -c /opt/odoo/etc/odoo.conf "$@"
- else
- exec /opt/odoo/odoo/odoo-bin -c /opt/odoo/etc/odoo.conf "$@" ${DB_ARGS}
- fi
- ;;
- -*)
- exec /opt/odoo/odoo/odoo-bin -c /opt/odoo/etc/odoo.conf "$@" ${DB_ARGS}
- ;;
- *)
- exec "$@"
-esac
-
-exit 1
diff --git a/security_analysis16.txt b/security_analysis16.txt
deleted file mode 100644
index 7c0420e..0000000
--- a/security_analysis16.txt
+++ /dev/null
@@ -1,522 +0,0 @@
-/mnt/REMI_DATA2/filodoo16.tar (debian 11.4)
-
-Total: 133 (UNKNOWN: 0, LOW: 101, MEDIUM: 3, HIGH: 25, CRITICAL: 4)
-
-┌───────────────────┬──────────────────┬──────────┬─────────────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
-│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ apt │ CVE-2011-3374 │ LOW │ 2.2.4 │ │ It was found that apt-key in apt, all versions, do not │
-│ │ │ │ │ │ correctly... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3374 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ bsdutils │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ coreutils │ CVE-2016-2781 │ │ 8.32-4 │ │ coreutils: Non-privileged session can escape to the parent │
-│ │ │ │ │ │ session in chroot │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-2781 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-18018 │ │ │ │ coreutils: race condition vulnerability in chown and chgrp │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-18018 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ curl │ CVE-2021-22922 │ │ 7.74.0-1.3+deb11u2 │ │ curl: Content not matching hash in Metalink is not being │
-│ │ │ │ │ │ discarded │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22922 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-22923 │ │ │ │ curl: Metalink download sends credentials │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22923 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ e2fsprogs │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ git │ CVE-2022-24765 │ │ 1:2.30.2-1 │ │ git: On multi-user machines Git users might find themselves │
-│ │ │ │ │ │ unexpectedly in a... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24765 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-29187 │ │ │ │ git: Bypass of safe.directory protections │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29187 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-1000021 │ LOW │ │ │ git: client prints server-sent ANSI escape codes to the │
-│ │ │ │ │ │ terminal, allowing for... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-1000021 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-24975 │ │ │ │ git: The --mirror option for git leaks secret for deleted │
-│ │ │ │ │ │ content, aka... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24975 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ git-man │ CVE-2022-24765 │ HIGH │ │ │ git: On multi-user machines Git users might find themselves │
-│ │ │ │ │ │ unexpectedly in a... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24765 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-29187 │ │ │ │ git: Bypass of safe.directory protections │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29187 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-1000021 │ LOW │ │ │ git: client prints server-sent ANSI escape codes to the │
-│ │ │ │ │ │ terminal, allowing for... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-1000021 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-24975 │ │ │ │ git: The --mirror option for git leaks secret for deleted │
-│ │ │ │ │ │ content, aka... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24975 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libapt-pkg6.0 │ CVE-2011-3374 │ │ 2.2.4 │ │ It was found that apt-key in apt, all versions, do not │
-│ │ │ │ │ │ correctly... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3374 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libblkid1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libc-bin │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ │ glibc: Off-by-one buffer overflow/underflow in getcwd() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-4756 │ LOW │ │ │ glibc: glob implementation can cause excessive CPU and │
-│ │ │ │ │ │ memory consumption due to... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4756 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-20796 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20796 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010022 │ │ │ │ glibc: stack guard protection bypass │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010022 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010023 │ │ │ │ glibc: running ldd on malicious ELF leads to code execution │
-│ │ │ │ │ │ because of... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010023 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010024 │ │ │ │ glibc: ASLR bypass using cache of thread stack and heap │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010024 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010025 │ │ │ │ glibc: information disclosure of heap addresses of │
-│ │ │ │ │ │ pthread_created thread │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010025 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-9192 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-9192 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libc6 │ CVE-2021-3999 │ HIGH │ │ │ glibc: Off-by-one buffer overflow/underflow in getcwd() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-4756 │ LOW │ │ │ glibc: glob implementation can cause excessive CPU and │
-│ │ │ │ │ │ memory consumption due to... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4756 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-20796 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20796 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010022 │ │ │ │ glibc: stack guard protection bypass │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010022 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010023 │ │ │ │ glibc: running ldd on malicious ELF leads to code execution │
-│ │ │ │ │ │ because of... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010023 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010024 │ │ │ │ glibc: ASLR bypass using cache of thread stack and heap │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010024 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010025 │ │ │ │ glibc: information disclosure of heap addresses of │
-│ │ │ │ │ │ pthread_created thread │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010025 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-9192 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-9192 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libcom-err2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libcurl3-gnutls │ CVE-2021-22922 │ LOW │ 7.74.0-1.3+deb11u2 │ │ curl: Content not matching hash in Metalink is not being │
-│ │ │ │ │ │ discarded │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22922 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-22923 │ │ │ │ curl: Metalink download sends credentials │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22923 │
-├───────────────────┼──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libcurl4 │ CVE-2021-22922 │ │ │ │ curl: Content not matching hash in Metalink is not being │
-│ │ │ │ │ │ discarded │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22922 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-22923 │ │ │ │ curl: Metalink download sends credentials │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22923 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libdb5.3 │ CVE-2019-8457 │ CRITICAL │ 5.3.28+dfsg1-0.8 │ │ sqlite: heap out-of-bound read in function rtreenode() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libexpat1 │ CVE-2013-0340 │ LOW │ 2.2.10-2+deb11u3 │ │ expat: internal entity expansion │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-0340 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libext2fs2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libfreetype6 │ CVE-2022-31782 │ LOW │ 2.10.4+dfsg-1+deb11u1 │ │ ftbench.c in FreeType Demo Programs through 2.12.1 has a │
-│ │ │ │ │ │ heap-based bu ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-31782 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libgcrypt20 │ CVE-2021-33560 │ HIGH │ 1.8.7-6 │ │ libgcrypt: mishandles ElGamal encryption because it lacks │
-│ │ │ │ │ │ exponent blinding to address a... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33560 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-6829 │ LOW │ │ │ libgcrypt: ElGamal implementation doesn't have semantic │
-│ │ │ │ │ │ security due to incorrectly encoded plaintexts... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6829 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libgnutls30 │ CVE-2022-2509 │ HIGH │ 3.7.1-5+deb11u1 │ 3.7.1-5+deb11u2 │ gnutls: Double free during gnutls_pkcs7_verify. │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-3389 │ LOW │ │ │ HTTPS: block-wise chosen-plaintext attack against SSL/TLS │
-│ │ │ │ │ │ (BEAST) │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3389 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libgssapi-krb5-2 │ CVE-2004-0971 │ │ 1.18.3-6+deb11u1 │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libjpeg62-turbo │ CVE-2021-46822 │ MEDIUM │ 1:2.0.6-4 │ │ libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in │
-│ │ │ │ │ │ rdppm.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46822 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libk5crypto3 │ CVE-2004-0971 │ LOW │ 1.18.3-6+deb11u1 │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libkrb5-3 │ CVE-2004-0971 │ │ │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libkrb5support0 │ CVE-2004-0971 │ │ │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libldap-2.4-2 │ CVE-2015-3276 │ │ 2.4.57+dfsg-3+deb11u1 │ │ openldap: incorrect multi-keyword mode cipherstring parsing │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2015-3276 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-14159 │ │ │ │ openldap: Privilege escalation via PID file manipulation │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-14159 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-17740 │ │ │ │ openldap: contrib/slapd-modules/nops/nops.c attempts to free │
-│ │ │ │ │ │ stack buffer allowing remote attackers to cause... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-17740 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-15719 │ │ │ │ openldap: Certificate validation incorrectly matches name │
-│ │ │ │ │ │ against CN-ID │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-15719 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libmount1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libncursesw6 │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ │ pcre2: Out-of-bounds read in compile_xclass_matchingpath in │
-│ │ │ │ │ │ pcre2_jit_compile.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-1587 │ │ │ │ pcre2: Out-of-bounds read in get_recurse_data_length in │
-│ │ │ │ │ │ pcre2_jit_compile.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libpcre3 │ CVE-2017-11164 │ LOW │ 2:8.39-13 │ │ pcre: OP_KETRMAX feature in the match function in │
-│ │ │ │ │ │ pcre_exec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-11164 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-16231 │ │ │ │ pcre: self-recursive call in match() in pcre_exec.c leads to │
-│ │ │ │ │ │ denial of service... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-16231 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-7245 │ │ │ │ pcre: stack-based buffer overflow write in │
-│ │ │ │ │ │ pcre32_copy_substring │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-7245 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-7246 │ │ │ │ pcre: stack-based buffer overflow write in │
-│ │ │ │ │ │ pcre32_copy_substring │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-7246 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-20838 │ │ │ │ pcre: Buffer over-read in JIT when UTF is disabled and \X │
-│ │ │ │ │ │ or... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-20838 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libperl5.32 │ CVE-2020-16156 │ HIGH │ 5.32.1-4+deb11u2 │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libpng16-16 │ CVE-2019-6129 │ │ 1.6.37-3 │ │ libpng: memory leak of png_info struct in pngcp.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-6129 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-4214 │ │ │ │ libpng: hardcoded value leads to heap-overflow │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-4214 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsepol1 │ CVE-2021-36084 │ │ 3.1-1 │ │ libsepol: use-after-free in __cil_verify_classperms() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36084 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36085 │ │ │ │ libsepol: use-after-free in __cil_verify_classperms() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36085 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36086 │ │ │ │ libsepol: use-after-free in cil_reset_classpermission() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36086 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36087 │ │ │ │ libsepol: heap-based buffer overflow in ebitmap_match_any() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36087 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsmartcols1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsqlite3-0 │ CVE-2021-45346 │ MEDIUM │ 3.34.1-3 │ │ sqlite: crafted SQL query allows a malicious user to obtain │
-│ │ │ │ │ │ sensitive information... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-45346 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36690 │ LOW │ │ │ ** DISPUTED ** A segmentation fault can occur in the │
-│ │ │ │ │ │ sqlite3.exe comma... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36690 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-35737 │ │ │ │ sqlite: assertion failure via query when compiled with │
-│ │ │ │ │ │ -DSQLITE_ENABLE_STAT4 │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-35737 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libss2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libssl1.1 │ CVE-2022-2097 │ │ 1.1.1n-0+deb11u3 │ │ openssl: AES OCB fails to encrypt some bytes │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-6755 │ LOW │ │ │ Dual_EC_DRBG: weak pseudo random number generator │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-6755 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-0928 │ │ │ │ openssl: RSA authentication weakness │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-0928 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsystemd0 │ CVE-2013-4392 │ │ 247.3-7 │ │ systemd: TOCTOU race condition when updating file │
-│ │ │ │ │ │ permissions and SELinux security contexts... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4392 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-13529 │ │ │ │ systemd: DHCP FORCERENEW authentication not implemented can │
-│ │ │ │ │ │ cause a system running the... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-13529 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libtinfo6 │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libudev1 │ CVE-2013-4392 │ │ 247.3-7 │ │ systemd: TOCTOU race condition when updating file │
-│ │ │ │ │ │ permissions and SELinux security contexts... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4392 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-13529 │ │ │ │ systemd: DHCP FORCERENEW authentication not implemented can │
-│ │ │ │ │ │ cause a system running the... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-13529 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libuuid1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libxml2 │ CVE-2016-3709 │ MEDIUM │ 2.9.10+dfsg-6.7+deb11u2 │ │ libxml: Incorrect server side include parsing can lead to │
-│ │ │ │ │ │ XSS │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-3709 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libxslt1.1 │ CVE-2021-30560 │ HIGH │ 1.1.34-4 │ │ Use after free in Blink XSLT in Google Chrome prior to │
-│ │ │ │ │ │ 91.0.4472.164... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-30560 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2015-9019 │ LOW │ │ │ libxslt: math.random() in xslt uses unseeded randomness │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2015-9019 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ login │ CVE-2007-5686 │ │ 1:4.8.1-1 │ │ initscripts in rPath Linux 1 sets insecure permissions for │
-│ │ │ │ │ │ the /var/lo ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-5686 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2013-4235 │ │ │ │ shadow-utils: TOCTOU race conditions by copying and removing │
-│ │ │ │ │ │ directory trees │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4235 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-19882 │ │ │ │ shadow-utils: local users can obtain root access because │
-│ │ │ │ │ │ setuid programs are misconfigured... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19882 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ logsave │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ mount │ CVE-2022-0563 │ LOW │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ ncurses-base │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ ncurses-bin │ CVE-2022-29458 │ HIGH │ │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ openssh-client │ CVE-2021-41617 │ HIGH │ 1:8.4p1-5+deb11u1 │ │ openssh: privilege escalation when AuthorizedKeysCommand or │
-│ │ │ │ │ │ AuthorizedPrincipalsCommand are configured │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-41617 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-2243 │ LOW │ │ │ OpenSSH 4.6 and earlier, when │
-│ │ │ │ │ │ ChallengeResponseAuthentication is enabl ... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-2243 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-2768 │ │ │ │ OpenSSH, when using OPIE (One-Time Passwords in Everything) │
-│ │ │ │ │ │ for PAM, a ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-2768 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2008-3234 │ │ │ │ sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 │
-│ │ │ │ │ │ OpenSSH snapsh... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2008-3234 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2016-20012 │ │ │ │ openssh: Public key information leak │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-20012 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-15919 │ │ │ │ openssh: User enumeration via malformed packets in │
-│ │ │ │ │ │ authentication requests │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-15919 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-6110 │ │ │ │ openssh: Acceptance and display of arbitrary stderr allows │
-│ │ │ │ │ │ for spoofing of scp... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-6110 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-14145 │ │ │ │ openssh: Observable discrepancy leading to an information │
-│ │ │ │ │ │ leak in the algorithm negotiation... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-14145 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-15778 │ │ │ │ openssh: scp allows command injection when using backtick │
-│ │ │ │ │ │ characters in the destination... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-15778 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36368 │ │ │ │ openssh: possible bypass of fido 2 devices and ssh-askpass │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36368 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ openssl │ CVE-2022-2097 │ HIGH │ 1.1.1n-0+deb11u3 │ │ openssl: AES OCB fails to encrypt some bytes │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-6755 │ LOW │ │ │ Dual_EC_DRBG: weak pseudo random number generator │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-6755 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-0928 │ │ │ │ openssl: RSA authentication weakness │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-0928 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ passwd │ CVE-2007-5686 │ │ 1:4.8.1-1 │ │ initscripts in rPath Linux 1 sets insecure permissions for │
-│ │ │ │ │ │ the /var/lo ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-5686 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2013-4235 │ │ │ │ shadow-utils: TOCTOU race conditions by copying and removing │
-│ │ │ │ │ │ directory trees │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4235 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-19882 │ │ │ │ shadow-utils: local users can obtain root access because │
-│ │ │ │ │ │ setuid programs are misconfigured... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19882 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ patch │ CVE-2010-4651 │ │ 2.7.6-7 │ │ patch: directory traversal flaw allows for arbitrary file │
-│ │ │ │ │ │ creation │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4651 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-6951 │ │ │ │ patch: NULL pointer dereference in pch.c:intuit_diff_type() │
-│ │ │ │ │ │ causes a crash │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6951 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-6952 │ │ │ │ patch: Double free of memory in pch.c:another_hunk() causes │
-│ │ │ │ │ │ a crash │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6952 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-45261 │ │ │ │ patch: Invalid Pointer via another_hunk function │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-45261 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ perl │ CVE-2020-16156 │ HIGH │ 5.32.1-4+deb11u2 │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ perl-base │ CVE-2020-16156 │ HIGH │ │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ perl-modules-5.32 │ CVE-2020-16156 │ HIGH │ │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ tar │ CVE-2005-2541 │ │ 1.34+dfsg-1 │ │ tar: does not properly warn the user when extracting setuid │
-│ │ │ │ │ │ or setgid... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2005-2541 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ util-linux │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2+deb11u1 │ │ zlib: a heap-based buffer over-read or buffer overflow in │
-│ │ │ │ │ │ inflate in inflate.c... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
-└───────────────────┴──────────────────┴──────────┴─────────────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘
-2022-08-16T16:05:58.395+0200 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
-
-Python (python-pkg)
-
-Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 1)
-
-┌─────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
-│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
-├─────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
-│ PyPDF2 (METADATA) │ CVE-2022-24859 │ MEDIUM │ 1.26.0 │ 1.27.5 │ PyPDF2: infinite loop vulnerability │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24859 │
-├─────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
-│ Werkzeug (METADATA) │ CVE-2022-29361 │ CRITICAL │ 2.0.2 │ 2.1.1 │ ** DISPUTED ** Improper parsing of HTTP requests in Pallets │
-│ │ │ │ │ │ Werkzeug v2.1.0... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29361 │
-├─────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
-│ lxml (METADATA) │ CVE-2022-2309 │ HIGH │ 4.6.5 │ 4.9.1 │ lxml: NULL Pointer Dereference in lxml │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2309 │
-└─────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
-
-/opt/odoo/odoo/addons/point_of_sale/tools/posbox/overwrite_after_init/etc/ssl/private/nginx-cert.key (secrets)
-
-Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
-
-HIGH: AsymmetricPrivateKey (private-key)
-═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
-Asymmetric Private Key
-─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- /opt/odoo/odoo/addons/point_of_sale/tools/posbox/overwrite_after_init/etc/ssl/private/nginx-cert.key:1 (deleted in the intermediate layer)
-─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- 1 [ -----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----
- 2
-─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
--
GitLab