While scanning the dremio/dremio-oss image using the open-source version of clair, the following vulnerabilities were found. Are there any plans to remediate these? At least the High vulnerabilities?
Analysing 8 layers
Found 14 vulnerabilities
CVE-2017-12424: [High]
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
https://security-tracker.debian.org/tracker/CVE-2017-12424
CVE-2017-10989: [High]
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
https://security-tracker.debian.org/tracker/CVE-2017-10989
Negligible: 8
Low: 1
Medium: 3
High: 2
I cannot list the other vulnerabilities here. I am a new user and am restricted to only 2 links.
As part of our release process, the latest version of the openjdk:8-jdk base image would be used, in order to pick up the most recent security fixes. It looks like a new version might have been released recently (https://github.com/docker-library/openjdk/issues/185), so future versions of the image should be okay.
As for these specific security issues, they might not be relevant in a Docker context which might make them less critical.
gnought
December 17, 2021, 3:33pm
3
From dremio/dremio-oss:19.1.0
A lot of vulnerabilities are found, including the recent Log4J 0-day vulnerability. Please upgrade dependent packages.
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
apt 2.2.4 CVE-2011-3374 Negligible
avatica-core 1.18.0 CVE-2020-13955 Medium
avatica-metrics 1.18.0 CVE-2020-13955 Medium
calcite-core 1.16.0-202110140531410732-6a46ce2e 1.26.0 GHSA-hxp5-8pgq-mgv9 Medium
calcite-core 1.16.0-202110140531410732-6a46ce2e CVE-2020-13955 Medium
calcite-linq4j 1.16.0-202110140531410732-6a46ce2e CVE-2020-13955 Medium
commons-compress 1.20 1.21 GHSA-7hfm-57qf-j43q High
commons-compress 1.20 1.21 GHSA-crv7-7245-f45f High
commons-compress 1.20 1.21 GHSA-mc84-pj99-q6hh High
commons-compress 1.20 1.21 GHSA-xqfj-vm6h-2x34 High
commons-compress 1.20 CVE-2021-35515 High
commons-compress 1.20 CVE-2021-35516 High
commons-compress 1.20 CVE-2021-35517 High
commons-compress 1.20 CVE-2021-36090 High
commons-io 2.5 2.7 GHSA-gwrp-pvrq-jmwv Medium
commons-io 2.5 CVE-2021-29425 Medium
commons-io 2.4 2.7 GHSA-gwrp-pvrq-jmwv Medium
commons-io 2.4 CVE-2021-29425 Medium
coreutils 8.32-4+b1 (won't fix) CVE-2016-2781 Low
coreutils 8.32-4+b1 CVE-2017-18018 Negligible
curl 7.74.0-1.3+b1 (won't fix) CVE-2021-22924 Low
curl 7.74.0-1.3+b1 (won't fix) CVE-2021-22945 Critical
curl 7.74.0-1.3+b1 (won't fix) CVE-2021-22946 High
curl 7.74.0-1.3+b1 (won't fix) CVE-2021-22947 Medium
curl 7.74.0-1.3+b1 (won't fix) CVE-2021-22898 Low
curl 7.74.0-1.3+b1 CVE-2021-22922 Negligible
curl 7.74.0-1.3+b1 CVE-2021-22923 Negligible
elasticsearch 5.5.3 CVE-2019-7611 High
elasticsearch 5.5.3 CVE-2019-7614 Medium
elasticsearch 5.5.3 CVE-2020-7019 Medium
elasticsearch 5.5.3 CVE-2020-7020 Low
elasticsearch 5.5.3 CVE-2020-7021 Medium
elasticsearch 5.5.3 CVE-2021-22135 Medium
elasticsearch 5.5.3 CVE-2021-22137 Medium
elasticsearch 5.5.3 CVE-2021-22144 Medium
elasticsearch 5.5.3 CVE-2021-22147 Medium
flatbuffers-java 1.9.0 CVE-2020-35864 High
git 1:2.30.2-1 CVE-2018-1000021 Negligible
git-man 1:2.30.2-1 CVE-2018-1000021 Negligible
guava 13.0.1 24.1.1 GHSA-mvr2-9pj6-7w5j Medium
guava 13.0.1 30.0-jre GHSA-5mg8-w23w-74h3 Low
guava 13.0.1 CVE-2018-10237 Medium
guava 13.0.1 CVE-2020-8908 Low
guava 28.0-jre 30.0-jre GHSA-5mg8-w23w-74h3 Low
guava 28.0-jre CVE-2020-8908 Low
guava 14.0.1 24.1.1 GHSA-mvr2-9pj6-7w5j Medium
guava 14.0.1 30.0-jre GHSA-5mg8-w23w-74h3 Low
guava 14.0.1 CVE-2018-10237 Medium
guava 14.0.1 CVE-2020-8908 Low
guava 28.1-jre 30.0-jre GHSA-5mg8-w23w-74h3 Low
guava 28.1-jre CVE-2020-8908 Low
hadoop-annotations 2.8.5 CVE-2018-11765 High
hadoop-annotations 2.8.5 CVE-2020-9492 High
hadoop-annotations 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-auth 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-auth 2.8.5 CVE-2018-11765 High
hadoop-auth 2.8.5 CVE-2020-9492 High
hadoop-aws 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-aws 2.8.5 CVE-2018-11765 High
hadoop-aws 2.8.5 CVE-2020-9492 High
hadoop-azure 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-azure 2.8.5-dremio-r2-202106241733540604-acdda22 CVE-2018-11765 High
hadoop-azure 2.8.5-dremio-r2-202106241733540604-acdda22 CVE-2020-9492 High
hadoop-azure-datalake 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-azure-datalake 2.8.5 CVE-2018-11765 High
hadoop-azure-datalake 2.8.5 CVE-2020-9492 High
hadoop-client 2.8.5 CVE-2018-11765 High
hadoop-client 2.8.5 CVE-2020-9492 High
hadoop-client 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-common 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-common 2.8.5 CVE-2018-11765 High
hadoop-common 2.8.5 CVE-2020-9492 High
hadoop-hdfs 2.8.5 CVE-2018-11765 High
hadoop-hdfs 2.8.5 CVE-2020-9492 High
hadoop-hdfs 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-hdfs-client 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-hdfs-client 2.8.5 CVE-2018-11765 High
hadoop-hdfs-client 2.8.5 CVE-2020-9492 High
hadoop-mapreduce-client-app 2.8.5 CVE-2018-11765 High
hadoop-mapreduce-client-app 2.8.5 CVE-2020-9492 High
hadoop-mapreduce-client-common 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-mapreduce-client-common 2.8.5 CVE-2018-11765 High
hadoop-mapreduce-client-common 2.8.5 CVE-2020-9492 High
hadoop-mapreduce-client-core 2.8.5 CVE-2018-11765 High
hadoop-mapreduce-client-core 2.8.5 CVE-2020-9492 High
hadoop-mapreduce-client-core 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-mapreduce-client-jobclient 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-mapreduce-client-jobclient 2.8.5 CVE-2018-11765 High
hadoop-mapreduce-client-jobclient 2.8.5 CVE-2020-9492 High
hadoop-mapreduce-client-shuffle 2.8.5 CVE-2018-11765 High
hadoop-mapreduce-client-shuffle 2.8.5 CVE-2020-9492 High
hadoop-yarn-api 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-yarn-api 2.8.5 CVE-2018-11765 High
hadoop-yarn-api 2.8.5 CVE-2020-9492 High
hadoop-yarn-client 2.8.5 CVE-2018-11765 High
hadoop-yarn-client 2.8.5 CVE-2020-9492 High
hadoop-yarn-client 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-yarn-common 2.8.5 CVE-2018-11765 High
hadoop-yarn-common 2.8.5 CVE-2020-9492 High
hadoop-yarn-common 3.2.1-dremio-202107061151520241-a2c072f CVE-2020-9492 High
hadoop-yarn-server-common 2.8.5 CVE-2018-11765 High
hadoop-yarn-server-common 2.8.5 CVE-2020-9492 High
hbase-annotations 1.1.13 CVE-2018-8025 High
hbase-client 1.1.13 CVE-2018-8025 High
hbase-common 1.1.13 CVE-2018-8025 High
hbase-hadoop-compat 1.1.13 CVE-2018-8025 High
hbase-hadoop2-compat 1.1.13 CVE-2018-8025 High
hbase-protocol 1.1.13 CVE-2018-8025 High
hbase-server 1.1.13 CVE-2018-8025 High
hive-common 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-contrib 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-contrib 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-exec 2.1.1-dremio-202111110700250786-bf21359 2.1.2 GHSA-2g9q-chq2-w8qw Medium
hive-exec 2.1.1-dremio-202111110700250786-bf21359 2.3.3 GHSA-p639-xxv5-j383 Low
hive-exec 2.1.1-dremio-202111110700250786-bf21359 2.3.4 GHSA-rrfq-g5fq-fc9c High
hive-exec 2.1.1-dremio-202111110700250786-bf21359 2.3.3 GHSA-rxmr-c9jm-7mm8 Low
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-exec 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-exec 3.1.1-dremio-202108260418420981-22681bb 3.1.1 GHSA-rrfq-g5fq-fc9c High
hive-exec 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-hbase-handler 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-hbase-handler 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-llap-client 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-llap-client 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-llap-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-llap-common 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-metastore 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-metastore 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-orc 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-serde 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-serde 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-service-rpc 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-service-rpc 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-shims-0.23 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-shims-0.23 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-shims-common 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-shims-common 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-spark-client 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-standalone-metastore 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
hive-storage-api 2.7.0 CVE-2020-13949 High
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-11777 High
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1282 Critical
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1284 Low
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1314 Medium
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2018-1315 Low
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-13949 High
hive-storage-api 2.1.1-dremio-202111110700250786-bf21359 CVE-2020-1926 Medium
hive-upgrade-acid 3.1.1-dremio-202108260418420981-22681bb CVE-2020-13949 High
gnought
December 17, 2021, 3:34pm
4
jackson-databind 2.9.9 2.9.10 GHSA-cf6r-3wgc-h863 High
jackson-databind 2.9.9 2.9.10.4 GHSA-fqwf-pjwf-7vqv Medium
jackson-databind 2.9.9 2.9.10 GHSA-qmqc-x3r4-6v39 High
jackson-databind 2.9.9 2.9.10 GHSA-f3j5-rmmp-3fc5 Critical
jackson-databind 2.9.9 2.9.10.5 GHSA-j823-4qch-3rgm High
jackson-databind 2.9.9 2.9.10.5 GHSA-c265-37vj-cwcc High
jackson-databind 2.9.9 2.9.10.5 GHSA-c2q3-4qrh-fm48 High
jackson-databind 2.9.9 2.9.10 GHSA-h822-r4r5-v8jg Critical
jackson-databind 2.9.9 2.9.10 GHSA-85cw-hj65-qqv9 Critical
jackson-databind 2.9.9 2.9.10.7 GHSA-5949-rw7g-wx7w High
jackson-databind 2.9.9 2.9.10.7 GHSA-288c-cq4h-88gq High
jackson-databind 2.9.9 2.9.9.2 GHSA-gwp4-hfv6-p7hw High
jackson-databind 2.9.9 2.9.9.1 GHSA-cmfg-87vq-g5g4 Medium
jackson-databind 2.9.9 2.9.9.1 GHSA-mph4-vhrx-mv67 Medium
jackson-databind 2.9.9 2.9.9.2 GHSA-6fpp-rgj9-8rwc Critical
jackson-databind 2.9.9 2.9.10.1 GHSA-mx7p-6679-8g3q Critical
jackson-databind 2.9.9 2.9.10.5 GHSA-mc6h-4qgp-37qh High
jackson-databind 2.9.9 2.9.10.1 GHSA-fmmc-742q-jg75 Critical
jackson-databind 2.9.9 2.9.10.1 GHSA-gjmw-vf9h-g25v Critical
jackson-databind 2.9.9 2.9.10.2 GHSA-gww7-p5w4-wrfv Critical
jackson-databind 2.9.9 2.9.10.3 GHSA-4w82-r329-3q67 Critical
jackson-databind 2.9.9 2.9.10.4 GHSA-q93h-jc49-78gg Critical
jackson-databind 2.9.9 2.9.10.4 GHSA-h4rc-386g-6m85 High
jackson-databind 2.9.9 2.9.10.4 GHSA-p43x-xfjf-5jhr Critical
jackson-databind 2.9.9 2.9.10.4 GHSA-5p34-5m6p-p58g Critical
jackson-databind 2.9.9 2.9.10.4 GHSA-758m-v56v-grj4 High
jackson-databind 2.9.9 2.9.10.4 GHSA-rf6r-2c4q-2vwg High
jackson-databind 2.9.9 2.9.10.4 GHSA-v3xw-c963-f5hc High
jackson-databind 2.9.9 2.9.10.4 GHSA-9vvp-fxw6-jcxr High
jackson-databind 2.9.9 2.9.10.4 GHSA-27xj-rqx5-2255 High
jackson-databind 2.9.9 2.9.10.4 GHSA-58pp-9c76-5625 High
jackson-databind 2.9.9 2.9.10.8 GHSA-v585-23hc-c647 High
jackson-databind 2.9.9 2.9.10.6 GHSA-h3cw-g4mq-c5x2 High
jackson-databind 2.9.9 2.9.10.8 GHSA-wh8g-3j2c-rqj5 High
jackson-databind 2.9.9 2.9.10.8 GHSA-r3gr-cxrf-hg25 High
jackson-databind 2.9.9 2.9.10.6 GHSA-qjw2-hr98-qgfh Critical
jackson-databind 2.9.9 2.9.10.8 GHSA-89qr-369f-5m5x High
jackson-databind 2.9.9 2.9.10.8 GHSA-9gph-22xh-8x98 High
jackson-databind 2.9.9 2.9.10.8 GHSA-8w26-6f25-cm9x High
jackson-databind 2.9.9 2.9.10.8 GHSA-cvm9-fjm9-3572 High
jackson-databind 2.9.9 2.9.10.8 GHSA-8c4j-34r4-xr8g High
jackson-databind 2.9.9 2.9.10.8 GHSA-m6x4-97wx-4q27 High
jackson-databind 2.9.9 2.9.10.8 GHSA-9m6f-7xcq-8vf8 High
jackson-databind 2.9.9 2.9.10.8 GHSA-f9xh-2qgp-cq57 High
jackson-databind 2.9.9 2.9.10.8 GHSA-r695-7vr9-jgc2 High
jackson-databind 2.9.9 2.9.10.8 GHSA-vfqx-33qm-g869 High
jackson-databind 2.9.9 2.9.10.4 GHSA-95cm-88f5-f2c7 High
jackson-databind 2.9.9 CVE-2019-12384 Medium
jackson-databind 2.9.9 CVE-2019-12814 Medium
jackson-databind 2.9.9 CVE-2019-14379 Critical
jackson-databind 2.9.9 CVE-2019-14439 High
jackson-databind 2.9.9 CVE-2019-14540 Critical
jackson-databind 2.9.9 CVE-2019-14892 Critical
jackson-databind 2.9.9 CVE-2019-14893 Critical
jackson-databind 2.9.9 CVE-2019-16335 Critical
jackson-databind 2.9.9 CVE-2019-16942 Critical
jackson-databind 2.9.9 CVE-2019-16943 Critical
jackson-databind 2.9.9 CVE-2019-17267 Critical
jackson-databind 2.9.9 CVE-2019-17531 Critical
jackson-databind 2.9.9 CVE-2019-20330 Critical
jackson-databind 2.9.9 CVE-2020-10672 High
jackson-databind 2.9.9 CVE-2020-10673 High
jackson-databind 2.9.9 CVE-2020-10968 High
jackson-databind 2.9.9 CVE-2020-10969 High
jackson-databind 2.9.9 CVE-2020-11111 High
jackson-databind 2.9.9 CVE-2020-11112 High
jackson-databind 2.9.9 CVE-2020-11113 High
jackson-databind 2.9.9 CVE-2020-11619 High
jackson-databind 2.9.9 CVE-2020-11620 High
jackson-databind 2.9.9 CVE-2020-14060 High
jackson-databind 2.9.9 CVE-2020-14061 High
jackson-databind 2.9.9 CVE-2020-14062 High
jackson-databind 2.9.9 CVE-2020-14195 High
jackson-databind 2.9.9 CVE-2020-24616 High
jackson-databind 2.9.9 CVE-2020-24750 High
jackson-databind 2.9.9 CVE-2020-25649 High
jackson-databind 2.9.9 CVE-2020-35490 High
jackson-databind 2.9.9 CVE-2020-35491 High
jackson-databind 2.9.9 CVE-2020-35728 High
jackson-databind 2.9.9 CVE-2020-36179 High
jackson-databind 2.9.9 CVE-2020-36180 High
jackson-databind 2.9.9 CVE-2020-36181 High
jackson-databind 2.9.9 CVE-2020-36182 High
jackson-databind 2.9.9 CVE-2020-36183 High
jackson-databind 2.9.9 CVE-2020-36184 High
jackson-databind 2.9.9 CVE-2020-36185 High
jackson-databind 2.9.9 CVE-2020-36186 High
jackson-databind 2.9.9 CVE-2020-36187 High
jackson-databind 2.9.9 CVE-2020-36188 High
jackson-databind 2.9.9 CVE-2020-36189 High
jackson-databind 2.9.9 CVE-2020-8840 Critical
jackson-databind 2.9.9 CVE-2020-9546 Critical
jackson-databind 2.9.9 CVE-2020-9547 Critical
jackson-databind 2.9.9 CVE-2020-9548 Critical
jackson-databind 2.9.9 CVE-2021-20190 High
jackson-databind 2.4.0 2.6.7.3 GHSA-cf6r-3wgc-h863 High
jackson-databind 2.4.0 2.9.10.4 GHSA-fqwf-pjwf-7vqv Medium
jackson-databind 2.4.0 2.9.10 GHSA-f3j5-rmmp-3fc5 Critical
jackson-databind 2.4.0 2.8.11 GHSA-w3f4-3q6j-rh82 High
jackson-databind 2.4.0 2.9.10 GHSA-h822-r4r5-v8jg Critical
jackson-databind 2.4.0 2.9.10 GHSA-85cw-hj65-qqv9 Critical
jackson-databind 2.4.0 2.9.10.7 GHSA-5949-rw7g-wx7w High
jackson-databind 2.4.0 2.6.7.4 GHSA-288c-cq4h-88gq High
jackson-databind 2.4.0 2.9.9.2 GHSA-gwp4-hfv6-p7hw High
jackson-databind 2.4.0 2.9.9.1 GHSA-cmfg-87vq-g5g4 Medium
jackson-databind 2.4.0 2.9.9.1 GHSA-mph4-vhrx-mv67 Medium
jackson-databind 2.4.0 2.7.9.4 GHSA-qr7j-h6gg-jmgc Critical
jackson-databind 2.4.0 2.8.11 GHSA-h592-38cm-4ggp Critical
jackson-databind 2.4.0 2.8.11.1 GHSA-cggj-fvv3-cqwv Critical
jackson-databind 2.4.0 2.7.9.5 GHSA-4gq5-ch57-c2mg Critical
jackson-databind 2.4.0 2.7.9.5 GHSA-645p-88qh-w398 Critical
jackson-databind 2.4.0 2.7.9.4 GHSA-cjjf-94ff-43w7 High
jackson-databind 2.4.0 2.9.9 GHSA-5ww9-j83m-q7qx High
jackson-databind 2.4.0 2.9.9.2 GHSA-6fpp-rgj9-8rwc Critical
jackson-databind 2.4.0 2.9.10.1 GHSA-mx7p-6679-8g3q Critical
jackson-databind 2.4.0 2.9.10.1 GHSA-fmmc-742q-jg75 Critical
jackson-databind 2.4.0 2.9.10.1 GHSA-gjmw-vf9h-g25v Critical
jackson-databind 2.4.0 GHSA-gww7-p5w4-wrfv Critical
jackson-databind 2.4.0 GHSA-4w82-r329-3q67 Critical
jackson-databind 2.4.0 2.9.10.4 GHSA-q93h-jc49-78gg Critical
jackson-databind 2.4.0 2.9.10.4 GHSA-p43x-xfjf-5jhr Critical
jackson-databind 2.4.0 2.8.11 GHSA-rfx6-vp9g-rh7v Critical
jackson-databind 2.4.0 2.6.7.1 GHSA-qxxx-2pp7-5hmx Critical
jackson-databind 2.4.0 2.9.10.8 GHSA-v585-23hc-c647 High
jackson-databind 2.4.0 2.9.10.6 GHSA-h3cw-g4mq-c5x2 High
jackson-databind 2.4.0 2.9.10.8 GHSA-wh8g-3j2c-rqj5 High
jackson-databind 2.4.0 2.9.10.8 GHSA-r3gr-cxrf-hg25 High
jackson-databind 2.4.0 2.9.10.6 GHSA-qjw2-hr98-qgfh Critical
jackson-databind 2.4.0 2.9.10.8 GHSA-89qr-369f-5m5x High
jackson-databind 2.4.0 2.9.10.8 GHSA-9gph-22xh-8x98 High
jackson-databind 2.4.0 2.9.10.8 GHSA-8w26-6f25-cm9x High
jackson-databind 2.4.0 2.9.10.8 GHSA-cvm9-fjm9-3572 High
jackson-databind 2.4.0 2.9.10.8 GHSA-8c4j-34r4-xr8g High
jackson-databind 2.4.0 2.9.10.8 GHSA-m6x4-97wx-4q27 High
jackson-databind 2.4.0 2.9.10.8 GHSA-9m6f-7xcq-8vf8 High
jackson-databind 2.4.0 2.9.10.8 GHSA-f9xh-2qgp-cq57 High
jackson-databind 2.4.0 2.9.10.8 GHSA-r695-7vr9-jgc2 High
jackson-databind 2.4.0 2.9.10.8 GHSA-vfqx-33qm-g869 High
jackson-databind 2.4.0 CVE-2018-7489 Critical
jackson-databind 2.4.0 CVE-2020-35490 High
jackson-databind 2.4.0 CVE-2020-35491 High
jersey-common 2.30 2.34 GHSA-c43q-5hpj-4crv Medium
jetty 6.1.26 CVE-2009-1523 Medium
jetty 6.1.26 CVE-2011-4461 Medium
jetty-sslengine 6.1.26 CVE-2009-1523 Medium
jetty-sslengine 6.1.26 CVE-2011-4461 Medium
jetty-util 6.1.26 CVE-2009-1523 Medium
jetty-util 6.1.26 CVE-2011-4461 Medium
json-smart 1.3.1 1.3.2 GHSA-v528-7hrm-frqp Critical
libapt-pkg6.0 2.2.4 CVE-2011-3374 Negligible
libc-bin 2.31-13+deb11u2 CVE-2021-43396 Negligible
libc-bin 2.31-13+deb11u2 CVE-2010-4756 Negligible
libc-bin 2.31-13+deb11u2 CVE-2018-20796 Negligible
libc-bin 2.31-13+deb11u2 CVE-2019-1010022 Negligible
libc-bin 2.31-13+deb11u2 CVE-2019-1010023 Negligible
libc-bin 2.31-13+deb11u2 CVE-2019-1010024 Negligible
libc-bin 2.31-13+deb11u2 CVE-2019-1010025 Negligible
libc-bin 2.31-13+deb11u2 CVE-2019-9192 Negligible
libc-bin 2.31-13+deb11u2 (won't fix) CVE-2021-33574 Critical
libc6 2.31-13+deb11u2 CVE-2021-43396 Negligible
libc6 2.31-13+deb11u2 CVE-2010-4756 Negligible
libc6 2.31-13+deb11u2 CVE-2018-20796 Negligible
libc6 2.31-13+deb11u2 CVE-2019-1010022 Negligible
libc6 2.31-13+deb11u2 CVE-2019-1010023 Negligible
libc6 2.31-13+deb11u2 CVE-2019-1010024 Negligible
libc6 2.31-13+deb11u2 CVE-2019-1010025 Negligible
libc6 2.31-13+deb11u2 CVE-2019-9192 Negligible
libc6 2.31-13+deb11u2 (won't fix) CVE-2021-33574 Critical
libcurl3-gnutls 7.74.0-1.3+b1 (won't fix) CVE-2021-22924 Low
libcurl3-gnutls 7.74.0-1.3+b1 (won't fix) CVE-2021-22945 Critical
libcurl3-gnutls 7.74.0-1.3+b1 (won't fix) CVE-2021-22946 High
libcurl3-gnutls 7.74.0-1.3+b1 (won't fix) CVE-2021-22947 Medium
libcurl3-gnutls 7.74.0-1.3+b1 (won't fix) CVE-2021-22898 Low
libcurl3-gnutls 7.74.0-1.3+b1 CVE-2021-22922 Negligible
libcurl3-gnutls 7.74.0-1.3+b1 CVE-2021-22923 Negligible
libcurl4 7.74.0-1.3+b1 (won't fix) CVE-2021-22924 Low
libcurl4 7.74.0-1.3+b1 (won't fix) CVE-2021-22945 Critical
libcurl4 7.74.0-1.3+b1 (won't fix) CVE-2021-22946 High
libcurl4 7.74.0-1.3+b1 (won't fix) CVE-2021-22947 Medium
libcurl4 7.74.0-1.3+b1 (won't fix) CVE-2021-22898 Low
libcurl4 7.74.0-1.3+b1 CVE-2021-22922 Negligible
libcurl4 7.74.0-1.3+b1 CVE-2021-22923 Negligible
libexpat1 2.2.10-2 CVE-2013-0340 Negligible
libgcrypt20 1.8.7-6 (won't fix) CVE-2021-33560 High
libgcrypt20 1.8.7-6 CVE-2018-6829 Negligible
libgmp10 2:6.2.1+dfsg-1 (won't fix) CVE-2021-43618 High
libgnutls30 3.7.1-5 CVE-2011-3389 Medium
libgssapi-krb5-2 1.18.3-6+deb11u1 CVE-2004-0971 Negligible
libgssapi-krb5-2 1.18.3-6+deb11u1 CVE-2018-5709 Negligible
libk5crypto3 1.18.3-6+deb11u1 CVE-2004-0971 Negligible
libk5crypto3 1.18.3-6+deb11u1 CVE-2018-5709 Negligible
libkrb5-3 1.18.3-6+deb11u1 CVE-2004-0971 Negligible
libkrb5-3 1.18.3-6+deb11u1 CVE-2018-5709 Negligible
libkrb5support0 1.18.3-6+deb11u1 CVE-2004-0971 Negligible
libkrb5support0 1.18.3-6+deb11u1 CVE-2018-5709 Negligible
libldap-2.4-2 2.4.57+dfsg-3 CVE-2015-3276 Negligible
libldap-2.4-2 2.4.57+dfsg-3 CVE-2017-14159 Negligible
libldap-2.4-2 2.4.57+dfsg-3 CVE-2017-17740 Negligible
libldap-2.4-2 2.4.57+dfsg-3 CVE-2020-15719 Negligible
libncurses6 6.2+20201114-2 CVE-2021-39537 Negligible
libncursesw6 6.2+20201114-2 CVE-2021-39537 Negligible
libpcre3 2:8.39-13 CVE-2017-11164 Negligible
libpcre3 2:8.39-13 CVE-2017-16231 Negligible
libpcre3 2:8.39-13 CVE-2017-7245 Negligible
libpcre3 2:8.39-13 CVE-2017-7246 Negligible
libpcre3 2:8.39-13 CVE-2019-20838 Negligible
libperl5.32 5.32.1-4+deb11u2 CVE-2011-4116 Negligible
libperl5.32 5.32.1-4+deb11u2 (won't fix) CVE-2020-16156 Unknown
libpng16-16 1.6.37-3 CVE-2019-6129 Negligible
libpython3.9-minimal 3.9.2-1 (won't fix) CVE-2021-3426 Medium
libpython3.9-minimal 3.9.2-1 CVE-2020-27619 Negligible
libpython3.9-minimal 3.9.2-1 (won't fix) CVE-2021-3733 Unknown
libpython3.9-minimal 3.9.2-1 (won't fix) CVE-2021-29921 Critical
libpython3.9-minimal 3.9.2-1 (won't fix) CVE-2021-3737 Unknown
libpython3.9-stdlib 3.9.2-1 (won't fix) CVE-2021-3426 Medium
libpython3.9-stdlib 3.9.2-1 CVE-2020-27619 Negligible
libpython3.9-stdlib 3.9.2-1 (won't fix) CVE-2021-3733 Unknown
libpython3.9-stdlib 3.9.2-1 (won't fix) CVE-2021-29921 Critical
libpython3.9-stdlib 3.9.2-1 (won't fix) CVE-2021-3737 Unknown
libsepol1 3.1-1 (won't fix) CVE-2021-36084 Low
libsepol1 3.1-1 (won't fix) CVE-2021-36085 Low
libsepol1 3.1-1 (won't fix) CVE-2021-36086 Low
libsepol1 3.1-1 (won't fix) CVE-2021-36087 Low
libsqlite3-0 3.34.1-3 CVE-2021-36690 Negligible
libssl1.1 1.1.1k-1+deb11u1 CVE-2007-6755 Negligible
libssl1.1 1.1.1k-1+deb11u1 CVE-2010-0928 Negligible
libsystemd0 247.3-6 CVE-2013-4392 Negligible
libsystemd0 247.3-6 CVE-2020-13529 Negligible
libthrift 0.13.0 CVE-2020-13949 High
libtinfo6 6.2+20201114-2 CVE-2021-39537 Negligible
libudev1 247.3-6 CVE-2013-4392 Negligible
libudev1 247.3-6 CVE-2020-13529 Negligible
log4j-api 2.13.3 2.15.0 GHSA-jfh8-c2jp-5v3q Critical
log4j-api 2.13.3 2.16.0 GHSA-7rjr-3q55-vv33 Medium
log4j-api 2.13.3 CVE-2021-44228 Critical
log4j-api 2.13.3 CVE-2021-45046 Low
log4j-over-slf4j 1.7.28 CVE-2020-9488 Low
log4j-to-slf4j 2.13.3 CVE-2021-44228 Critical
log4j-to-slf4j 2.13.3 CVE-2021-45046 Low
login 1:4.8.1-1 CVE-2007-5686 Negligible
login 1:4.8.1-1 CVE-2013-4235 Negligible
login 1:4.8.1-1 CVE-2019-19882 Negligible
ncurses-base 6.2+20201114-2 CVE-2021-39537 Negligible
ncurses-bin 6.2+20201114-2 CVE-2021-39537 Negligible
netty 3.10.6.Final CVE-2019-16869 High
netty 3.10.6.Final CVE-2019-20444 Critical
netty 3.10.6.Final CVE-2019-20445 Critical
netty 3.10.6.Final CVE-2021-21290 Medium
netty 3.10.6.Final CVE-2021-21295 Medium
netty 3.10.6.Final CVE-2021-21409 Medium
netty 3.10.6.Final CVE-2021-37136 High
netty 3.10.6.Final CVE-2021-37137 High
netty 3.10.6.Final CVE-2021-43797 Medium
netty-all 4.1.34.Final 4.1.42 GHSA-p979-4mfw-53vg Medium
netty-codec 4.1.52.Final 4.1.68.Final GHSA-grg4-wf29-r9vv Medium
netty-codec 4.1.52.Final 4.1.68.Final GHSA-9vjp-v76f-g363 Medium
netty-codec 4.1.48.Final 4.1.68.Final GHSA-grg4-wf29-r9vv Medium
netty-codec 4.1.48.Final 4.1.68.Final GHSA-9vjp-v76f-g363 Medium
gnought
December 17, 2021, 3:35pm
5
netty-codec-http 4.1.52.Final 4.1.59.Final GHSA-5mcr-gq6c-3hq2 Medium
netty-codec-http 4.1.52.Final 4.1.71.Final GHSA-wx5j-54mm-rqqq Medium
netty-codec-http 4.1.48.Final 4.1.59.Final GHSA-5mcr-gq6c-3hq2 Medium
netty-codec-http 4.1.48.Final 4.1.71.Final GHSA-wx5j-54mm-rqqq Medium
netty-codec-http2 4.1.52.Final 4.1.60.Final GHSA-wm47-8v5p-wjpj Medium
netty-codec-http2 4.1.52.Final 4.1.61.Final GHSA-f256-j965-7f32 Medium
netty-codec-http2 4.1.48.Final 4.1.60.Final GHSA-wm47-8v5p-wjpj Medium
netty-codec-http2 4.1.48.Final 4.1.61.Final GHSA-f256-j965-7f32 Medium
netty-reactive-streams 2.0.0 CVE-2014-3488 Medium
netty-reactive-streams 2.0.0 CVE-2015-2156 High
netty-reactive-streams 2.0.0 CVE-2019-16869 High
netty-reactive-streams 2.0.0 CVE-2019-20444 Critical
netty-reactive-streams 2.0.0 CVE-2019-20445 Critical
netty-reactive-streams 2.0.0 CVE-2021-21290 Medium
netty-reactive-streams 2.0.0 CVE-2021-21295 Medium
netty-reactive-streams 2.0.0 CVE-2021-21409 Medium
netty-reactive-streams 2.0.0 CVE-2021-37136 High
netty-reactive-streams 2.0.0 CVE-2021-37137 High
netty-reactive-streams 2.0.0 CVE-2021-43797 Medium
netty-reactive-streams-http 2.0.5 CVE-2014-3488 Medium
netty-reactive-streams-http 2.0.5 CVE-2015-2156 High
netty-reactive-streams-http 2.0.5 CVE-2019-16869 High
netty-reactive-streams-http 2.0.5 CVE-2019-20444 Critical
netty-reactive-streams-http 2.0.5 CVE-2019-20445 Critical
netty-reactive-streams-http 2.0.5 CVE-2021-21290 Medium
netty-reactive-streams-http 2.0.5 CVE-2021-21295 Medium
netty-reactive-streams-http 2.0.5 CVE-2021-21409 Medium
netty-reactive-streams-http 2.0.5 CVE-2021-37136 High
netty-reactive-streams-http 2.0.5 CVE-2021-37137 High
netty-reactive-streams-http 2.0.5 CVE-2021-43797 Medium
openssh-client 1:8.4p1-5 CVE-2007-2243 Negligible
openssh-client 1:8.4p1-5 CVE-2007-2768 Negligible
openssh-client 1:8.4p1-5 CVE-2008-3234 Negligible
openssh-client 1:8.4p1-5 CVE-2018-15919 Negligible
openssh-client 1:8.4p1-5 CVE-2019-6110 Negligible
openssh-client 1:8.4p1-5 CVE-2020-14145 Negligible
openssh-client 1:8.4p1-5 CVE-2020-15778 Negligible
openssh-client 1:8.4p1-5 CVE-2016-20012 Negligible
openssh-client 1:8.4p1-5 (won't fix) CVE-2021-41617 High
openssl 1.1.1k-1+deb11u1 CVE-2007-6755 Negligible
openssl 1.1.1k-1+deb11u1 CVE-2010-0928 Negligible
passwd 1:4.8.1-1 CVE-2007-5686 Negligible
passwd 1:4.8.1-1 CVE-2013-4235 Negligible
passwd 1:4.8.1-1 CVE-2019-19882 Negligible
perl 5.32.1-4+deb11u2 CVE-2011-4116 Negligible
perl 5.32.1-4+deb11u2 (won't fix) CVE-2020-16156 Unknown
perl-base 5.32.1-4+deb11u2 CVE-2011-4116 Negligible
perl-base 5.32.1-4+deb11u2 (won't fix) CVE-2020-16156 Unknown
perl-modules-5.32 5.32.1-4+deb11u2 CVE-2011-4116 Negligible
perl-modules-5.32 5.32.1-4+deb11u2 (won't fix) CVE-2020-16156 Unknown
postgresql 42.2.18 CVE-2017-8806 Medium
protobuf-java 2.5.0 CVE-2015-5237 High
python3.9 3.9.2-1 (won't fix) CVE-2021-3426 Medium
python3.9 3.9.2-1 CVE-2020-27619 Negligible
python3.9 3.9.2-1 (won't fix) CVE-2021-3733 Unknown
python3.9 3.9.2-1 (won't fix) CVE-2021-29921 Critical
python3.9 3.9.2-1 (won't fix) CVE-2021-3737 Unknown
python3.9-minimal 3.9.2-1 (won't fix) CVE-2021-3426 Medium
python3.9-minimal 3.9.2-1 CVE-2020-27619 Negligible
python3.9-minimal 3.9.2-1 (won't fix) CVE-2021-3733 Unknown
python3.9-minimal 3.9.2-1 (won't fix) CVE-2021-29921 Critical
python3.9-minimal 3.9.2-1 (won't fix) CVE-2021-3737 Unknown
tar 1.34+dfsg-1 CVE-2005-2541 Negligible
wget 1.21-1+b1 (won't fix) CVE-2021-31879 Medium