{ "version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json", "runs": [ { "tool": { "driver": { "name": "Grype", "version": "0.61.1", "informationUri": "https://github.com/anchore/grype", "rules": [ { "id": "CVE-2016-10228-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2016-10228 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2016-10228\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2016-10228](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228)", "markdown": "**Vulnerability CVE-2016-10228**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2016-10228](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228) |\n" }, "properties": { "security-severity": "5.9" } }, { "id": "CVE-2016-10228-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2016-10228 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2016-10228\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2016-10228](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228)", "markdown": "**Vulnerability CVE-2016-10228**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2016-10228](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228) |\n" }, "properties": { "security-severity": "5.9" } }, { "id": "CVE-2018-25032-zlib1g", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2018-25032 medium vulnerability for zlib1g package" }, "fullDescription": { "text": "Version 1:1.2.11.dfsg-2ubuntu1 is affected with an available fix in versions 1:1.2.11.dfsg-2ubuntu1.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2018-25032\nSeverity: medium\nPackage: zlib1g\nVersion: 1:1.2.11.dfsg-2ubuntu1\nFix Version: 1:1.2.11.dfsg-2ubuntu1.3\nType: deb\nLocation: /usr/share/doc/zlib1g/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2018-25032](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-25032)", "markdown": "**Vulnerability CVE-2018-25032**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | zlib1g | 1:1.2.11.dfsg-2ubuntu1 | 1:1.2.11.dfsg-2ubuntu1.3 | deb | /usr/share/doc/zlib1g/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2018-25032](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-25032) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2019-18276-bash", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2019-18276 low vulnerability for bash package" }, "fullDescription": { "text": "Version 5.0-6ubuntu1 is affected with an available fix in versions 5.0-6ubuntu1.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2019-18276\nSeverity: low\nPackage: bash\nVersion: 5.0-6ubuntu1\nFix Version: 5.0-6ubuntu1.2\nType: deb\nLocation: /usr/share/doc/bash/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2019-18276](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-18276)", "markdown": "**Vulnerability CVE-2019-18276**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | bash | 5.0-6ubuntu1 | 5.0-6ubuntu1.2 | deb | /usr/share/doc/bash/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2019-18276](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-18276) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2019-20838-libpcre3", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2019-20838 low vulnerability for libpcre3 package" }, "fullDescription": { "text": "Version 2:8.39-12build1 is affected with an available fix in versions 2:8.39-12ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2019-20838\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12build1\nFix Version: 2:8.39-12ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libpcre3/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2019-20838](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-20838)", "markdown": "**Vulnerability CVE-2019-20838**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12build1 | 2:8.39-12ubuntu0.1 | deb | /usr/share/doc/libpcre3/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2019-20838](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-20838) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2019-25013-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2019-25013 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2019-25013\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2019-25013](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-25013)", "markdown": "**Vulnerability CVE-2019-25013**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2019-25013](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-25013) |\n" }, "properties": { "security-severity": "7.1" } }, { "id": "CVE-2019-25013-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2019-25013 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2019-25013\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2019-25013](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-25013)", "markdown": "**Vulnerability CVE-2019-25013**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2019-25013](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-25013) |\n" }, "properties": { "security-severity": "7.1" } }, { "id": "CVE-2019-9923-tar", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2019-9923 low vulnerability for tar package" }, "fullDescription": { "text": "Version 1.30+dfsg-7 is affected with an available fix in versions 1.30+dfsg-7ubuntu0.20.04.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2019-9923\nSeverity: low\nPackage: tar\nVersion: 1.30+dfsg-7\nFix Version: 1.30+dfsg-7ubuntu0.20.04.1\nType: deb\nLocation: /usr/share/doc/tar/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2019-9923](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9923)", "markdown": "**Vulnerability CVE-2019-9923**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | tar | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 | deb | /usr/share/doc/tar/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2019-9923](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9923) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2020-10543-perl-base", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-10543 low vulnerability for perl-base package" }, "fullDescription": { "text": "Version 5.30.0-9build1 is affected with an available fix in versions 5.30.0-9ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-10543\nSeverity: low\nPackage: perl-base\nVersion: 5.30.0-9build1\nFix Version: 5.30.0-9ubuntu0.2\nType: deb\nLocation: /usr/share/doc/perl-base/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-10543](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-10543)", "markdown": "**Vulnerability CVE-2020-10543**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | perl-base | 5.30.0-9build1 | 5.30.0-9ubuntu0.2 | deb | /usr/share/doc/perl-base/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-10543](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-10543) |\n" }, "properties": { "security-severity": "8.2" } }, { "id": "CVE-2020-10878-perl-base", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-10878 low vulnerability for perl-base package" }, "fullDescription": { "text": "Version 5.30.0-9build1 is affected with an available fix in versions 5.30.0-9ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-10878\nSeverity: low\nPackage: perl-base\nVersion: 5.30.0-9build1\nFix Version: 5.30.0-9ubuntu0.2\nType: deb\nLocation: /usr/share/doc/perl-base/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-10878](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-10878)", "markdown": "**Vulnerability CVE-2020-10878**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | perl-base | 5.30.0-9build1 | 5.30.0-9ubuntu0.2 | deb | /usr/share/doc/perl-base/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-10878](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-10878) |\n" }, "properties": { "security-severity": "8.6" } }, { "id": "CVE-2020-12723-perl-base", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-12723 low vulnerability for perl-base package" }, "fullDescription": { "text": "Version 5.30.0-9build1 is affected with an available fix in versions 5.30.0-9ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-12723\nSeverity: low\nPackage: perl-base\nVersion: 5.30.0-9build1\nFix Version: 5.30.0-9ubuntu0.2\nType: deb\nLocation: /usr/share/doc/perl-base/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-12723](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-12723)", "markdown": "**Vulnerability CVE-2020-12723**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | perl-base | 5.30.0-9build1 | 5.30.0-9ubuntu0.2 | deb | /usr/share/doc/perl-base/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-12723](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-12723) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2020-13529-libsystemd0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-13529 low vulnerability for libsystemd0 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.10" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-13529\nSeverity: low\nPackage: libsystemd0\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.10\nType: deb\nLocation: /usr/share/doc/libsystemd0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-13529](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13529)", "markdown": "**Vulnerability CVE-2020-13529**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.10 | deb | /usr/share/doc/libsystemd0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-13529](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13529) |\n" }, "properties": { "security-severity": "6.1" } }, { "id": "CVE-2020-13529-libudev1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-13529 low vulnerability for libudev1 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.10" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-13529\nSeverity: low\nPackage: libudev1\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.10\nType: deb\nLocation: /usr/share/doc/libudev1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-13529](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13529)", "markdown": "**Vulnerability CVE-2020-13529**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.10 | deb | /usr/share/doc/libudev1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-13529](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13529) |\n" }, "properties": { "security-severity": "6.1" } }, { "id": "CVE-2020-13844-gcc-10-base", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-13844 medium vulnerability for gcc-10-base package" }, "fullDescription": { "text": "Version 10-20200411-0ubuntu1 is affected with an available fix in versions 10.2.0-5ubuntu1~20.04" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-13844\nSeverity: medium\nPackage: gcc-10-base\nVersion: 10-20200411-0ubuntu1\nFix Version: 10.2.0-5ubuntu1~20.04\nType: deb\nLocation: /usr/share/doc/gcc-10-base/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-13844](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844)", "markdown": "**Vulnerability CVE-2020-13844**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | gcc-10-base | 10-20200411-0ubuntu1 | 10.2.0-5ubuntu1~20.04 | deb | /usr/share/doc/gcc-10-base/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-13844](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2020-13844-libgcc-s1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-13844 medium vulnerability for libgcc-s1 package" }, "fullDescription": { "text": "Version 10-20200411-0ubuntu1 is affected with an available fix in versions 10.2.0-5ubuntu1~20.04" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-13844\nSeverity: medium\nPackage: libgcc-s1\nVersion: 10-20200411-0ubuntu1\nFix Version: 10.2.0-5ubuntu1~20.04\nType: deb\nLocation: /usr/share/doc/libgcc-s1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-13844](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844)", "markdown": "**Vulnerability CVE-2020-13844**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgcc-s1 | 10-20200411-0ubuntu1 | 10.2.0-5ubuntu1~20.04 | deb | /usr/share/doc/libgcc-s1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-13844](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2020-13844-libstdc++6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-13844 medium vulnerability for libstdc++6 package" }, "fullDescription": { "text": "Version 10-20200411-0ubuntu1 is affected with an available fix in versions 10.2.0-5ubuntu1~20.04" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-13844\nSeverity: medium\nPackage: libstdc++6\nVersion: 10-20200411-0ubuntu1\nFix Version: 10.2.0-5ubuntu1~20.04\nType: deb\nLocation: /usr/share/doc/libstdc++6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-13844](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844)", "markdown": "**Vulnerability CVE-2020-13844**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libstdc++6 | 10-20200411-0ubuntu1 | 10.2.0-5ubuntu1~20.04 | deb | /usr/share/doc/libstdc++6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-13844](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2020-14155-libpcre3", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-14155 low vulnerability for libpcre3 package" }, "fullDescription": { "text": "Version 2:8.39-12build1 is affected with an available fix in versions 2:8.39-12ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-14155\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12build1\nFix Version: 2:8.39-12ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libpcre3/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-14155](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-14155)", "markdown": "**Vulnerability CVE-2020-14155**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12build1 | 2:8.39-12ubuntu0.1 | deb | /usr/share/doc/libpcre3/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-14155](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-14155) |\n" }, "properties": { "security-severity": "5.3" } }, { "id": "CVE-2020-16156-perl-base", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-16156 medium vulnerability for perl-base package" }, "fullDescription": { "text": "Version 5.30.0-9build1 is affected with an available fix in versions 5.30.0-9ubuntu0.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-16156\nSeverity: medium\nPackage: perl-base\nVersion: 5.30.0-9build1\nFix Version: 5.30.0-9ubuntu0.3\nType: deb\nLocation: /usr/share/doc/perl-base/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-16156](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156)", "markdown": "**Vulnerability CVE-2020-16156**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | perl-base | 5.30.0-9build1 | 5.30.0-9ubuntu0.3 | deb | /usr/share/doc/perl-base/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-16156](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2020-24659-libgnutls30", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-24659 medium vulnerability for libgnutls30 package" }, "fullDescription": { "text": "Version 3.6.13-2ubuntu1.1 is affected with an available fix in versions 3.6.13-2ubuntu1.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-24659\nSeverity: medium\nPackage: libgnutls30\nVersion: 3.6.13-2ubuntu1.1\nFix Version: 3.6.13-2ubuntu1.3\nType: deb\nLocation: /usr/share/doc/libgnutls30/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-24659](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-24659)", "markdown": "**Vulnerability CVE-2020-24659**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgnutls30 | 3.6.13-2ubuntu1.1 | 3.6.13-2ubuntu1.3 | deb | /usr/share/doc/libgnutls30/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-24659](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-24659) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2020-27350-apt", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2020-27350 medium vulnerability for apt package" }, "fullDescription": { "text": "Version 2.0.2ubuntu0.1 is affected with an available fix in versions 2.0.2ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-27350\nSeverity: medium\nPackage: apt\nVersion: 2.0.2ubuntu0.1\nFix Version: 2.0.2ubuntu0.2\nType: deb\nLocation: /usr/share/doc/apt/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-27350](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27350)", "markdown": "**Vulnerability CVE-2020-27350**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | apt | 2.0.2ubuntu0.1 | 2.0.2ubuntu0.2 | deb | /usr/share/doc/apt/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-27350](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27350) |\n" }, "properties": { "security-severity": "5.7" } }, { "id": "CVE-2020-27350-libapt-pkg6.0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-27350 medium vulnerability for libapt-pkg6.0 package" }, "fullDescription": { "text": "Version 2.0.2ubuntu0.1 is affected with an available fix in versions 2.0.2ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-27350\nSeverity: medium\nPackage: libapt-pkg6.0\nVersion: 2.0.2ubuntu0.1\nFix Version: 2.0.2ubuntu0.2\nType: deb\nLocation: /usr/share/doc/libapt-pkg6.0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-27350](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27350)", "markdown": "**Vulnerability CVE-2020-27350**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libapt-pkg6.0 | 2.0.2ubuntu0.1 | 2.0.2ubuntu0.2 | deb | /usr/share/doc/libapt-pkg6.0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-27350](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27350) |\n" }, "properties": { "security-severity": "5.7" } }, { "id": "CVE-2020-27618-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-27618 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-27618\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-27618](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27618)", "markdown": "**Vulnerability CVE-2020-27618**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-27618](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27618) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2020-27618-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-27618 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-27618\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-27618](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27618)", "markdown": "**Vulnerability CVE-2020-27618**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-27618](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27618) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2020-29361-libp11-kit0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-29361 medium vulnerability for libp11-kit0 package" }, "fullDescription": { "text": "Version 0.23.20-1build1 is affected with an available fix in versions 0.23.20-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-29361\nSeverity: medium\nPackage: libp11-kit0\nVersion: 0.23.20-1build1\nFix Version: 0.23.20-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libp11-kit0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-29361](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29361)", "markdown": "**Vulnerability CVE-2020-29361**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libp11-kit0 | 0.23.20-1build1 | 0.23.20-1ubuntu0.1 | deb | /usr/share/doc/libp11-kit0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-29361](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29361) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2020-29362-libp11-kit0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-29362 medium vulnerability for libp11-kit0 package" }, "fullDescription": { "text": "Version 0.23.20-1build1 is affected with an available fix in versions 0.23.20-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-29362\nSeverity: medium\nPackage: libp11-kit0\nVersion: 0.23.20-1build1\nFix Version: 0.23.20-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libp11-kit0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-29362](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29362)", "markdown": "**Vulnerability CVE-2020-29362**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libp11-kit0 | 0.23.20-1build1 | 0.23.20-1ubuntu0.1 | deb | /usr/share/doc/libp11-kit0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-29362](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29362) |\n" }, "properties": { "security-severity": "5.3" } }, { "id": "CVE-2020-29363-libp11-kit0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-29363 medium vulnerability for libp11-kit0 package" }, "fullDescription": { "text": "Version 0.23.20-1build1 is affected with an available fix in versions 0.23.20-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-29363\nSeverity: medium\nPackage: libp11-kit0\nVersion: 0.23.20-1build1\nFix Version: 0.23.20-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libp11-kit0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-29363](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29363)", "markdown": "**Vulnerability CVE-2020-29363**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libp11-kit0 | 0.23.20-1build1 | 0.23.20-1ubuntu0.1 | deb | /usr/share/doc/libp11-kit0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-29363](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29363) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2020-29562-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-29562 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-29562\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-29562](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29562)", "markdown": "**Vulnerability CVE-2020-29562**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-29562](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29562) |\n" }, "properties": { "security-severity": "4.8" } }, { "id": "CVE-2020-29562-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-29562 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-29562\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-29562](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29562)", "markdown": "**Vulnerability CVE-2020-29562**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-29562](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-29562) |\n" }, "properties": { "security-severity": "4.8" } }, { "id": "CVE-2020-6096-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-6096 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-6096\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-6096](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-6096)", "markdown": "**Vulnerability CVE-2020-6096**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-6096](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-6096) |\n" }, "properties": { "security-severity": "8.1" } }, { "id": "CVE-2020-6096-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2020-6096 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2020-6096\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2020-6096](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-6096)", "markdown": "**Vulnerability CVE-2020-6096**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2020-6096](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-6096) |\n" }, "properties": { "security-severity": "8.1" } }, { "id": "CVE-2021-20193-tar", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2021-20193 low vulnerability for tar package" }, "fullDescription": { "text": "Version 1.30+dfsg-7 is affected with an available fix in versions 1.30+dfsg-7ubuntu0.20.04.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-20193\nSeverity: low\nPackage: tar\nVersion: 1.30+dfsg-7\nFix Version: 1.30+dfsg-7ubuntu0.20.04.2\nType: deb\nLocation: /usr/share/doc/tar/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-20193](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20193)", "markdown": "**Vulnerability CVE-2021-20193**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | tar | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.2 | deb | /usr/share/doc/tar/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-20193](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20193) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-20231-libgnutls30", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-20231 low vulnerability for libgnutls30 package" }, "fullDescription": { "text": "Version 3.6.13-2ubuntu1.1 is affected with an available fix in versions 3.6.13-2ubuntu1.6" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-20231\nSeverity: low\nPackage: libgnutls30\nVersion: 3.6.13-2ubuntu1.1\nFix Version: 3.6.13-2ubuntu1.6\nType: deb\nLocation: /usr/share/doc/libgnutls30/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-20231](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20231)", "markdown": "**Vulnerability CVE-2021-20231**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgnutls30 | 3.6.13-2ubuntu1.1 | 3.6.13-2ubuntu1.6 | deb | /usr/share/doc/libgnutls30/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-20231](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20231) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2021-20232-libgnutls30", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-20232 low vulnerability for libgnutls30 package" }, "fullDescription": { "text": "Version 3.6.13-2ubuntu1.1 is affected with an available fix in versions 3.6.13-2ubuntu1.6" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-20232\nSeverity: low\nPackage: libgnutls30\nVersion: 3.6.13-2ubuntu1.1\nFix Version: 3.6.13-2ubuntu1.6\nType: deb\nLocation: /usr/share/doc/libgnutls30/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-20232](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20232)", "markdown": "**Vulnerability CVE-2021-20232**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgnutls30 | 3.6.13-2ubuntu1.1 | 3.6.13-2ubuntu1.6 | deb | /usr/share/doc/libgnutls30/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-20232](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20232) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2021-20305-libhogweed5", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-20305 medium vulnerability for libhogweed5 package" }, "fullDescription": { "text": "Version 3.5.1+really3.5.1-2 is affected with an available fix in versions 3.5.1+really3.5.1-2ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-20305\nSeverity: medium\nPackage: libhogweed5\nVersion: 3.5.1+really3.5.1-2\nFix Version: 3.5.1+really3.5.1-2ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libhogweed5/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-20305](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20305)", "markdown": "**Vulnerability CVE-2021-20305**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libhogweed5 | 3.5.1+really3.5.1-2 | 3.5.1+really3.5.1-2ubuntu0.1 | deb | /usr/share/doc/libhogweed5/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-20305](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20305) |\n" }, "properties": { "security-severity": "8.1" } }, { "id": "CVE-2021-20305-libnettle7", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-20305 medium vulnerability for libnettle7 package" }, "fullDescription": { "text": "Version 3.5.1+really3.5.1-2 is affected with an available fix in versions 3.5.1+really3.5.1-2ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-20305\nSeverity: medium\nPackage: libnettle7\nVersion: 3.5.1+really3.5.1-2\nFix Version: 3.5.1+really3.5.1-2ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libnettle7/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-20305](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20305)", "markdown": "**Vulnerability CVE-2021-20305**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libnettle7 | 3.5.1+really3.5.1-2 | 3.5.1+really3.5.1-2ubuntu0.1 | deb | /usr/share/doc/libnettle7/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-20305](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20305) |\n" }, "properties": { "security-severity": "8.1" } }, { "id": "CVE-2021-24031-libzstd1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-24031 medium vulnerability for libzstd1 package" }, "fullDescription": { "text": "Version 1.4.4+dfsg-3 is affected with an available fix in versions 1.4.4+dfsg-3ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-24031\nSeverity: medium\nPackage: libzstd1\nVersion: 1.4.4+dfsg-3\nFix Version: 1.4.4+dfsg-3ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libzstd1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-24031](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-24031)", "markdown": "**Vulnerability CVE-2021-24031**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libzstd1 | 1.4.4+dfsg-3 | 1.4.4+dfsg-3ubuntu0.1 | deb | /usr/share/doc/libzstd1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-24031](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-24031) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-24032-libzstd1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-24032 medium vulnerability for libzstd1 package" }, "fullDescription": { "text": "Version 1.4.4+dfsg-3 is affected with an available fix in versions 1.4.4+dfsg-3ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-24032\nSeverity: medium\nPackage: libzstd1\nVersion: 1.4.4+dfsg-3\nFix Version: 1.4.4+dfsg-3ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libzstd1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-24032](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-24032)", "markdown": "**Vulnerability CVE-2021-24032**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libzstd1 | 1.4.4+dfsg-3 | 1.4.4+dfsg-3ubuntu0.1 | deb | /usr/share/doc/libzstd1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-24032](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-24032) |\n" }, "properties": { "security-severity": "4.7" } }, { "id": "CVE-2021-27645-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-27645 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-27645\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-27645](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-27645)", "markdown": "**Vulnerability CVE-2021-27645**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-27645](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-27645) |\n" }, "properties": { "security-severity": "2.5" } }, { "id": "CVE-2021-27645-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-27645 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-27645\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-27645](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-27645)", "markdown": "**Vulnerability CVE-2021-27645**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-27645](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-27645) |\n" }, "properties": { "security-severity": "2.5" } }, { "id": "CVE-2021-3326-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3326 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3326\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3326](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3326)", "markdown": "**Vulnerability CVE-2021-3326**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3326](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3326) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2021-3326-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3326 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3326\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3326](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3326)", "markdown": "**Vulnerability CVE-2021-3326**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3326](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3326) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2021-33560-libgcrypt20", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2021-33560 low vulnerability for libgcrypt20 package" }, "fullDescription": { "text": "Version 1.8.5-5ubuntu1 is affected with an available fix in versions 1.8.5-5ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-33560\nSeverity: low\nPackage: libgcrypt20\nVersion: 1.8.5-5ubuntu1\nFix Version: 1.8.5-5ubuntu1.1\nType: deb\nLocation: /usr/share/doc/libgcrypt20/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-33560](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33560)", "markdown": "**Vulnerability CVE-2021-33560**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgcrypt20 | 1.8.5-5ubuntu1 | 1.8.5-5ubuntu1.1 | deb | /usr/share/doc/libgcrypt20/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-33560](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33560) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2021-33910-libsystemd0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-33910 high vulnerability for libsystemd0 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.10" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-33910\nSeverity: high\nPackage: libsystemd0\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.10\nType: deb\nLocation: /usr/share/doc/libsystemd0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-33910](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33910)", "markdown": "**Vulnerability CVE-2021-33910**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libsystemd0 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.10 | deb | /usr/share/doc/libsystemd0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-33910](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33910) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-33910-libudev1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-33910 high vulnerability for libudev1 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.10" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-33910\nSeverity: high\nPackage: libudev1\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.10\nType: deb\nLocation: /usr/share/doc/libudev1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-33910](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33910)", "markdown": "**Vulnerability CVE-2021-33910**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libudev1 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.10 | deb | /usr/share/doc/libudev1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-33910](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33910) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3520-liblz4-1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3520 medium vulnerability for liblz4-1 package" }, "fullDescription": { "text": "Version 1.9.2-2 is affected with an available fix in versions 1.9.2-2ubuntu0.20.04.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3520\nSeverity: medium\nPackage: liblz4-1\nVersion: 1.9.2-2\nFix Version: 1.9.2-2ubuntu0.20.04.1\nType: deb\nLocation: /usr/share/doc/liblz4-1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3520](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3520)", "markdown": "**Vulnerability CVE-2021-3520**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | liblz4-1 | 1.9.2-2 | 1.9.2-2ubuntu0.20.04.1 | deb | /usr/share/doc/liblz4-1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3520](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3520) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2021-3580-libhogweed5", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3580 medium vulnerability for libhogweed5 package" }, "fullDescription": { "text": "Version 3.5.1+really3.5.1-2 is affected with an available fix in versions 3.5.1+really3.5.1-2ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3580\nSeverity: medium\nPackage: libhogweed5\nVersion: 3.5.1+really3.5.1-2\nFix Version: 3.5.1+really3.5.1-2ubuntu0.2\nType: deb\nLocation: /usr/share/doc/libhogweed5/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3580](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3580)", "markdown": "**Vulnerability CVE-2021-3580**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libhogweed5 | 3.5.1+really3.5.1-2 | 3.5.1+really3.5.1-2ubuntu0.2 | deb | /usr/share/doc/libhogweed5/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3580](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3580) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2021-3580-libnettle7", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3580 medium vulnerability for libnettle7 package" }, "fullDescription": { "text": "Version 3.5.1+really3.5.1-2 is affected with an available fix in versions 3.5.1+really3.5.1-2ubuntu0.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3580\nSeverity: medium\nPackage: libnettle7\nVersion: 3.5.1+really3.5.1-2\nFix Version: 3.5.1+really3.5.1-2ubuntu0.2\nType: deb\nLocation: /usr/share/doc/libnettle7/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3580](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3580)", "markdown": "**Vulnerability CVE-2021-3580**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libnettle7 | 3.5.1+really3.5.1-2 | 3.5.1+really3.5.1-2ubuntu0.2 | deb | /usr/share/doc/libnettle7/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3580](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3580) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2021-35942-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-35942 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-35942\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-35942](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-35942)", "markdown": "**Vulnerability CVE-2021-35942**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-35942](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-35942) |\n" }, "properties": { "security-severity": "9.1" } }, { "id": "CVE-2021-35942-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-35942 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-35942\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-35942](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-35942)", "markdown": "**Vulnerability CVE-2021-35942**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-35942](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-35942) |\n" }, "properties": { "security-severity": "9.1" } }, { "id": "CVE-2021-36084-libsepol1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-36084 low vulnerability for libsepol1 package" }, "fullDescription": { "text": "Version 3.0-1 is affected with an available fix in versions 3.0-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-36084\nSeverity: low\nPackage: libsepol1\nVersion: 3.0-1\nFix Version: 3.0-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libsepol1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-36084](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36084)", "markdown": "**Vulnerability CVE-2021-36084**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 | deb | /usr/share/doc/libsepol1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-36084](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36084) |\n" }, "properties": { "security-severity": "3.3" } }, { "id": "CVE-2021-36085-libsepol1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-36085 low vulnerability for libsepol1 package" }, "fullDescription": { "text": "Version 3.0-1 is affected with an available fix in versions 3.0-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-36085\nSeverity: low\nPackage: libsepol1\nVersion: 3.0-1\nFix Version: 3.0-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libsepol1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-36085](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36085)", "markdown": "**Vulnerability CVE-2021-36085**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 | deb | /usr/share/doc/libsepol1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-36085](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36085) |\n" }, "properties": { "security-severity": "3.3" } }, { "id": "CVE-2021-36086-libsepol1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-36086 low vulnerability for libsepol1 package" }, "fullDescription": { "text": "Version 3.0-1 is affected with an available fix in versions 3.0-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-36086\nSeverity: low\nPackage: libsepol1\nVersion: 3.0-1\nFix Version: 3.0-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libsepol1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-36086](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36086)", "markdown": "**Vulnerability CVE-2021-36086**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 | deb | /usr/share/doc/libsepol1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-36086](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36086) |\n" }, "properties": { "security-severity": "3.3" } }, { "id": "CVE-2021-36087-libsepol1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-36087 low vulnerability for libsepol1 package" }, "fullDescription": { "text": "Version 3.0-1 is affected with an available fix in versions 3.0-1ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-36087\nSeverity: low\nPackage: libsepol1\nVersion: 3.0-1\nFix Version: 3.0-1ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libsepol1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-36087](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36087)", "markdown": "**Vulnerability CVE-2021-36087**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 | deb | /usr/share/doc/libsepol1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-36087](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36087) |\n" }, "properties": { "security-severity": "3.3" } }, { "id": "CVE-2021-3995-bsdutils", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for bsdutils package" }, "fullDescription": { "text": "Version 1:2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: bsdutils\nVersion: 1:2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/bsdutils/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | bsdutils | 1:2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/bsdutils/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-fdisk", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for fdisk package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: fdisk\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/fdisk/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | fdisk | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/fdisk/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-libblkid1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for libblkid1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: libblkid1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libblkid1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libblkid1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libblkid1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-libfdisk1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for libfdisk1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: libfdisk1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libfdisk1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libfdisk1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libfdisk1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-libmount1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for libmount1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: libmount1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libmount1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libmount1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libmount1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-libsmartcols1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for libsmartcols1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: libsmartcols1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libsmartcols1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsmartcols1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libsmartcols1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-libuuid1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for libuuid1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: libuuid1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libuuid1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libuuid1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libuuid1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-mount", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for mount package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: mount\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/mount/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | mount | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/mount/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3995-util-linux", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2021-3995 medium vulnerability for util-linux package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3995\nSeverity: medium\nPackage: util-linux\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/util-linux/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995)", "markdown": "**Vulnerability CVE-2021-3995**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | util-linux | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/util-linux/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3995](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-bsdutils", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for bsdutils package" }, "fullDescription": { "text": "Version 1:2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: bsdutils\nVersion: 1:2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/bsdutils/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | bsdutils | 1:2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/bsdutils/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-fdisk", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for fdisk package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: fdisk\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/fdisk/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | fdisk | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/fdisk/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-libblkid1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for libblkid1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: libblkid1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libblkid1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libblkid1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libblkid1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-libfdisk1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for libfdisk1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: libfdisk1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libfdisk1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libfdisk1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libfdisk1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-libmount1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for libmount1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: libmount1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libmount1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libmount1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libmount1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-libsmartcols1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for libsmartcols1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: libsmartcols1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libsmartcols1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsmartcols1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libsmartcols1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-libuuid1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for libuuid1 package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: libuuid1\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/libuuid1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libuuid1 | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/libuuid1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-mount", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for mount package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: mount\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/mount/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | mount | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/mount/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3996-util-linux", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2021-3996 medium vulnerability for util-linux package" }, "fullDescription": { "text": "Version 2.34-0.1ubuntu9 is affected with an available fix in versions 2.34-0.1ubuntu9.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3996\nSeverity: medium\nPackage: util-linux\nVersion: 2.34-0.1ubuntu9\nFix Version: 2.34-0.1ubuntu9.3\nType: deb\nLocation: /usr/share/doc/util-linux/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996)", "markdown": "**Vulnerability CVE-2021-3996**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | util-linux | 2.34-0.1ubuntu9 | 2.34-0.1ubuntu9.3 | deb | /usr/share/doc/util-linux/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3997-libsystemd0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3997 medium vulnerability for libsystemd0 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.15" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3997\nSeverity: medium\nPackage: libsystemd0\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.15\nType: deb\nLocation: /usr/share/doc/libsystemd0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3997](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3997)", "markdown": "**Vulnerability CVE-2021-3997**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsystemd0 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.15 | deb | /usr/share/doc/libsystemd0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3997](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3997) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3997-libudev1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3997 medium vulnerability for libudev1 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.15" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3997\nSeverity: medium\nPackage: libudev1\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.15\nType: deb\nLocation: /usr/share/doc/libudev1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3997](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3997)", "markdown": "**Vulnerability CVE-2021-3997**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libudev1 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.15 | deb | /usr/share/doc/libudev1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3997](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3997) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2021-3999-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3999 medium vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3999\nSeverity: medium\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3999](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3999)", "markdown": "**Vulnerability CVE-2021-3999**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3999](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3999) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2021-3999-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-3999 medium vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-3999\nSeverity: medium\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-3999](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3999)", "markdown": "**Vulnerability CVE-2021-3999**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-3999](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3999) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2021-40528-libgcrypt20", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2021-40528 medium vulnerability for libgcrypt20 package" }, "fullDescription": { "text": "Version 1.8.5-5ubuntu1 is affected with an available fix in versions 1.8.5-5ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-40528\nSeverity: medium\nPackage: libgcrypt20\nVersion: 1.8.5-5ubuntu1\nFix Version: 1.8.5-5ubuntu1.1\nType: deb\nLocation: /usr/share/doc/libgcrypt20/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-40528](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-40528)", "markdown": "**Vulnerability CVE-2021-40528**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgcrypt20 | 1.8.5-5ubuntu1 | 1.8.5-5ubuntu1.1 | deb | /usr/share/doc/libgcrypt20/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-40528](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-40528) |\n" }, "properties": { "security-severity": "5.9" } }, { "id": "CVE-2021-4209-libgnutls30", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-4209 low vulnerability for libgnutls30 package" }, "fullDescription": { "text": "Version 3.6.13-2ubuntu1.1 is affected with an available fix in versions 3.6.13-2ubuntu1.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-4209\nSeverity: low\nPackage: libgnutls30\nVersion: 3.6.13-2ubuntu1.1\nFix Version: 3.6.13-2ubuntu1.7\nType: deb\nLocation: /usr/share/doc/libgnutls30/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-4209](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-4209)", "markdown": "**Vulnerability CVE-2021-4209**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgnutls30 | 3.6.13-2ubuntu1.1 | 3.6.13-2ubuntu1.7 | deb | /usr/share/doc/libgnutls30/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-4209](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-4209) |\n" }, "properties": { "security-severity": "6.5" } }, { "id": "CVE-2021-43618-libgmp10", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2021-43618 low vulnerability for libgmp10 package" }, "fullDescription": { "text": "Version 2:6.2.0+dfsg-4 is affected with an available fix in versions 2:6.2.0+dfsg-4ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2021-43618\nSeverity: low\nPackage: libgmp10\nVersion: 2:6.2.0+dfsg-4\nFix Version: 2:6.2.0+dfsg-4ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libgmp10/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2021-43618](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-43618)", "markdown": "**Vulnerability CVE-2021-43618**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgmp10 | 2:6.2.0+dfsg-4 | 2:6.2.0+dfsg-4ubuntu0.1 | deb | /usr/share/doc/libgmp10/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2021-43618](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-43618) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2022-1271-gzip", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2022-1271 medium vulnerability for gzip package" }, "fullDescription": { "text": "Version 1.10-0ubuntu4 is affected with an available fix in versions 1.10-0ubuntu4.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1271\nSeverity: medium\nPackage: gzip\nVersion: 1.10-0ubuntu4\nFix Version: 1.10-0ubuntu4.1\nType: deb\nLocation: /usr/share/doc/gzip/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1271](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1271)", "markdown": "**Vulnerability CVE-2022-1271**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | gzip | 1.10-0ubuntu4 | 1.10-0ubuntu4.1 | deb | /usr/share/doc/gzip/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1271](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1271) |\n" }, "properties": { "security-severity": "8.8" } }, { "id": "CVE-2022-1271-liblzma5", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1271 medium vulnerability for liblzma5 package" }, "fullDescription": { "text": "Version 5.2.4-1 is affected with an available fix in versions 5.2.4-1ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1271\nSeverity: medium\nPackage: liblzma5\nVersion: 5.2.4-1\nFix Version: 5.2.4-1ubuntu1.1\nType: deb\nLocation: /usr/share/doc/liblzma5/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1271](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1271)", "markdown": "**Vulnerability CVE-2022-1271**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | liblzma5 | 5.2.4-1 | 5.2.4-1ubuntu1.1 | deb | /usr/share/doc/liblzma5/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1271](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1271) |\n" }, "properties": { "security-severity": "8.8" } }, { "id": "CVE-2022-1304-e2fsprogs", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2022-1304 medium vulnerability for e2fsprogs package" }, "fullDescription": { "text": "Version 1.45.5-2ubuntu1 is affected with an available fix in versions 1.45.5-2ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1304\nSeverity: medium\nPackage: e2fsprogs\nVersion: 1.45.5-2ubuntu1\nFix Version: 1.45.5-2ubuntu1.1\nType: deb\nLocation: /usr/share/doc/e2fsprogs/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304)", "markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | e2fsprogs | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | deb | /usr/share/doc/e2fsprogs/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2022-1304-libcom-err2", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1304 medium vulnerability for libcom-err2 package" }, "fullDescription": { "text": "Version 1.45.5-2ubuntu1 is affected with an available fix in versions 1.45.5-2ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1304\nSeverity: medium\nPackage: libcom-err2\nVersion: 1.45.5-2ubuntu1\nFix Version: 1.45.5-2ubuntu1.1\nType: deb\nLocation: /usr/share/doc/libcom-err2/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304)", "markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libcom-err2 | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | deb | /usr/share/doc/libcom-err2/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2022-1304-libext2fs2", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1304 medium vulnerability for libext2fs2 package" }, "fullDescription": { "text": "Version 1.45.5-2ubuntu1 is affected with an available fix in versions 1.45.5-2ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1304\nSeverity: medium\nPackage: libext2fs2\nVersion: 1.45.5-2ubuntu1\nFix Version: 1.45.5-2ubuntu1.1\nType: deb\nLocation: /usr/share/doc/libext2fs2/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304)", "markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libext2fs2 | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | deb | /usr/share/doc/libext2fs2/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2022-1304-libss2", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1304 medium vulnerability for libss2 package" }, "fullDescription": { "text": "Version 1.45.5-2ubuntu1 is affected with an available fix in versions 1.45.5-2ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1304\nSeverity: medium\nPackage: libss2\nVersion: 1.45.5-2ubuntu1\nFix Version: 1.45.5-2ubuntu1.1\nType: deb\nLocation: /usr/share/doc/libss2/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304)", "markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libss2 | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | deb | /usr/share/doc/libss2/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2022-1304-logsave", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1304 medium vulnerability for logsave package" }, "fullDescription": { "text": "Version 1.45.5-2ubuntu1 is affected with an available fix in versions 1.45.5-2ubuntu1.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1304\nSeverity: medium\nPackage: logsave\nVersion: 1.45.5-2ubuntu1\nFix Version: 1.45.5-2ubuntu1.1\nType: deb\nLocation: /usr/share/doc/logsave/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304)", "markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | logsave | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | deb | /usr/share/doc/logsave/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1304](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2022-1586-libpcre2-8-0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1586 low vulnerability for libpcre2-8-0 package" }, "fullDescription": { "text": "Version 10.34-7 is affected with an available fix in versions 10.34-7ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1586\nSeverity: low\nPackage: libpcre2-8-0\nVersion: 10.34-7\nFix Version: 10.34-7ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libpcre2-8-0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1586](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1586)", "markdown": "**Vulnerability CVE-2022-1586**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre2-8-0 | 10.34-7 | 10.34-7ubuntu0.1 | deb | /usr/share/doc/libpcre2-8-0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1586](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1586) |\n" }, "properties": { "security-severity": "9.1" } }, { "id": "CVE-2022-1587-libpcre2-8-0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-1587 low vulnerability for libpcre2-8-0 package" }, "fullDescription": { "text": "Version 10.34-7 is affected with an available fix in versions 10.34-7ubuntu0.1" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1587\nSeverity: low\nPackage: libpcre2-8-0\nVersion: 10.34-7\nFix Version: 10.34-7ubuntu0.1\nType: deb\nLocation: /usr/share/doc/libpcre2-8-0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1587](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1587)", "markdown": "**Vulnerability CVE-2022-1587**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre2-8-0 | 10.34-7 | 10.34-7ubuntu0.1 | deb | /usr/share/doc/libpcre2-8-0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1587](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1587) |\n" }, "properties": { "security-severity": "9.1" } }, { "id": "CVE-2022-1664-dpkg", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2022-1664 medium vulnerability for dpkg package" }, "fullDescription": { "text": "Version 1.19.7ubuntu3 is affected with an available fix in versions 1.19.7ubuntu3.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-1664\nSeverity: medium\nPackage: dpkg\nVersion: 1.19.7ubuntu3\nFix Version: 1.19.7ubuntu3.2\nType: deb\nLocation: /usr/share/doc/dpkg/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-1664](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1664)", "markdown": "**Vulnerability CVE-2022-1664**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | dpkg | 1.19.7ubuntu3 | 1.19.7ubuntu3.2 | deb | /usr/share/doc/dpkg/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-1664](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1664) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-23218-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-23218 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-23218\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-23218](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23218)", "markdown": "**Vulnerability CVE-2022-23218**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-23218](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23218) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-23218-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-23218 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-23218\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-23218](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23218)", "markdown": "**Vulnerability CVE-2022-23218**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-23218](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23218) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-23219-libc-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-23219 low vulnerability for libc-bin package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-23219\nSeverity: low\nPackage: libc-bin\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-23219](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23219)", "markdown": "**Vulnerability CVE-2022-23219**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-23219](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23219) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-23219-libc6", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-23219 low vulnerability for libc6 package" }, "fullDescription": { "text": "Version 2.31-0ubuntu9 is affected with an available fix in versions 2.31-0ubuntu9.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-23219\nSeverity: low\nPackage: libc6\nVersion: 2.31-0ubuntu9\nFix Version: 2.31-0ubuntu9.7\nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-23219](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23219)", "markdown": "**Vulnerability CVE-2022-23219**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.31-0ubuntu9 | 2.31-0ubuntu9.7 | deb | /usr/share/doc/libc6/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-23219](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23219) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-2509-libgnutls30", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-2509 medium vulnerability for libgnutls30 package" }, "fullDescription": { "text": "Version 3.6.13-2ubuntu1.1 is affected with an available fix in versions 3.6.13-2ubuntu1.7" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-2509\nSeverity: medium\nPackage: libgnutls30\nVersion: 3.6.13-2ubuntu1.1\nFix Version: 3.6.13-2ubuntu1.7\nType: deb\nLocation: /usr/share/doc/libgnutls30/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-2509](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2509)", "markdown": "**Vulnerability CVE-2022-2509**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgnutls30 | 3.6.13-2ubuntu1.1 | 3.6.13-2ubuntu1.7 | deb | /usr/share/doc/libgnutls30/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-2509](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2509) |\n" }, "properties": { "security-severity": "7.5" } }, { "id": "CVE-2022-28321-libpam-modules", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-28321 low vulnerability for libpam-modules package" }, "fullDescription": { "text": "Version 1.3.1-5ubuntu4 is affected with an available fix in versions 1.3.1-5ubuntu4.4" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-28321\nSeverity: low\nPackage: libpam-modules\nVersion: 1.3.1-5ubuntu4\nFix Version: 1.3.1-5ubuntu4.4\nType: deb\nLocation: /usr/share/doc/libpam-modules/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321)", "markdown": "**Vulnerability CVE-2022-28321**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpam-modules | 1.3.1-5ubuntu4 | 1.3.1-5ubuntu4.4 | deb | /usr/share/doc/libpam-modules/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-28321-libpam-modules-bin", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-28321 low vulnerability for libpam-modules-bin package" }, "fullDescription": { "text": "Version 1.3.1-5ubuntu4 is affected with an available fix in versions 1.3.1-5ubuntu4.4" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-28321\nSeverity: low\nPackage: libpam-modules-bin\nVersion: 1.3.1-5ubuntu4\nFix Version: 1.3.1-5ubuntu4.4\nType: deb\nLocation: /usr/share/doc/libpam-modules-bin/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321)", "markdown": "**Vulnerability CVE-2022-28321**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpam-modules-bin | 1.3.1-5ubuntu4 | 1.3.1-5ubuntu4.4 | deb | /usr/share/doc/libpam-modules-bin/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-28321-libpam-runtime", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-28321 low vulnerability for libpam-runtime package" }, "fullDescription": { "text": "Version 1.3.1-5ubuntu4 is affected with an available fix in versions 1.3.1-5ubuntu4.4" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-28321\nSeverity: low\nPackage: libpam-runtime\nVersion: 1.3.1-5ubuntu4\nFix Version: 1.3.1-5ubuntu4.4\nType: deb\nLocation: /usr/share/doc/libpam-runtime/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321)", "markdown": "**Vulnerability CVE-2022-28321**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpam-runtime | 1.3.1-5ubuntu4 | 1.3.1-5ubuntu4.4 | deb | /usr/share/doc/libpam-runtime/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-28321-libpam0g", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-28321 low vulnerability for libpam0g package" }, "fullDescription": { "text": "Version 1.3.1-5ubuntu4 is affected with an available fix in versions 1.3.1-5ubuntu4.4" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-28321\nSeverity: low\nPackage: libpam0g\nVersion: 1.3.1-5ubuntu4\nFix Version: 1.3.1-5ubuntu4.4\nType: deb\nLocation: /usr/share/doc/libpam0g/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321)", "markdown": "**Vulnerability CVE-2022-28321**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpam0g | 1.3.1-5ubuntu4 | 1.3.1-5ubuntu4.4 | deb | /usr/share/doc/libpam0g/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-28321](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-28321) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-34903-gpgv", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-34903 medium vulnerability for gpgv package" }, "fullDescription": { "text": "Version 2.2.19-3ubuntu2 is affected with an available fix in versions 2.2.19-3ubuntu2.2" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-34903\nSeverity: medium\nPackage: gpgv\nVersion: 2.2.19-3ubuntu2\nFix Version: 2.2.19-3ubuntu2.2\nType: deb\nLocation: /usr/share/doc/gpgv/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-34903](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-34903)", "markdown": "**Vulnerability CVE-2022-34903**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | gpgv | 2.2.19-3ubuntu2 | 2.2.19-3ubuntu2.2 | deb | /usr/share/doc/gpgv/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-34903](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-34903) |\n" }, "properties": { "security-severity": "6.5" } }, { "id": "CVE-2022-37434-zlib1g", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-37434 medium vulnerability for zlib1g package" }, "fullDescription": { "text": "Version 1:1.2.11.dfsg-2ubuntu1 is affected with an available fix in versions 1:1.2.11.dfsg-2ubuntu1.5" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-37434\nSeverity: medium\nPackage: zlib1g\nVersion: 1:1.2.11.dfsg-2ubuntu1\nFix Version: 1:1.2.11.dfsg-2ubuntu1.5\nType: deb\nLocation: /usr/share/doc/zlib1g/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-37434](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-37434)", "markdown": "**Vulnerability CVE-2022-37434**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | zlib1g | 1:1.2.11.dfsg-2ubuntu1 | 1:1.2.11.dfsg-2ubuntu1.5 | deb | /usr/share/doc/zlib1g/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-37434](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-37434) |\n" }, "properties": { "security-severity": "9.8" } }, { "id": "CVE-2022-3821-libsystemd0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-3821 medium vulnerability for libsystemd0 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.20" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-3821\nSeverity: medium\nPackage: libsystemd0\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.20\nType: deb\nLocation: /usr/share/doc/libsystemd0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-3821](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821)", "markdown": "**Vulnerability CVE-2022-3821**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsystemd0 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.20 | deb | /usr/share/doc/libsystemd0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-3821](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2022-3821-libudev1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-3821 medium vulnerability for libudev1 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.20" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-3821\nSeverity: medium\nPackage: libudev1\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.20\nType: deb\nLocation: /usr/share/doc/libudev1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-3821](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821)", "markdown": "**Vulnerability CVE-2022-3821**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libudev1 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.20 | deb | /usr/share/doc/libudev1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-3821](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2022-4415-libsystemd0", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-4415 medium vulnerability for libsystemd0 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.20" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-4415\nSeverity: medium\nPackage: libsystemd0\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.20\nType: deb\nLocation: /usr/share/doc/libsystemd0/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-4415](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415)", "markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsystemd0 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.20 | deb | /usr/share/doc/libsystemd0/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-4415](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2022-4415-libudev1", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2022-4415 medium vulnerability for libudev1 package" }, "fullDescription": { "text": "Version 245.4-4ubuntu3.1 is affected with an available fix in versions 245.4-4ubuntu3.20" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-4415\nSeverity: medium\nPackage: libudev1\nVersion: 245.4-4ubuntu3.1\nFix Version: 245.4-4ubuntu3.20\nType: deb\nLocation: /usr/share/doc/libudev1/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-4415](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415)", "markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libudev1 | 245.4-4ubuntu3.1 | 245.4-4ubuntu3.20 | deb | /usr/share/doc/libudev1/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-4415](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415) |\n" }, "properties": { "security-severity": "5.5" } }, { "id": "CVE-2022-48303-tar", "name": "DpkgMatcherExactDirectMatch", "shortDescription": { "text": "CVE-2022-48303 medium vulnerability for tar package" }, "fullDescription": { "text": "Version 1.30+dfsg-7 is affected with an available fix in versions 1.30+dfsg-7ubuntu0.20.04.3" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2022-48303\nSeverity: medium\nPackage: tar\nVersion: 1.30+dfsg-7\nFix Version: 1.30+dfsg-7ubuntu0.20.04.3\nType: deb\nLocation: /usr/share/doc/tar/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2022-48303](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48303)", "markdown": "**Vulnerability CVE-2022-48303**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | tar | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.3 | deb | /usr/share/doc/tar/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2022-48303](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48303) |\n" }, "properties": { "security-severity": "7.8" } }, { "id": "CVE-2023-0361-libgnutls30", "name": "DpkgMatcherExactIndirectMatch", "shortDescription": { "text": "CVE-2023-0361 medium vulnerability for libgnutls30 package" }, "fullDescription": { "text": "Version 3.6.13-2ubuntu1.1 is affected with an available fix in versions 3.6.13-2ubuntu1.8" }, "helpUri": "https://github.com/anchore/grype", "help": { "text": "Vulnerability CVE-2023-0361\nSeverity: medium\nPackage: libgnutls30\nVersion: 3.6.13-2ubuntu1.1\nFix Version: 3.6.13-2ubuntu1.8\nType: deb\nLocation: /usr/share/doc/libgnutls30/copyright\nData Namespace: ubuntu:distro:ubuntu:20.04\nLink: [CVE-2023-0361](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0361)", "markdown": "**Vulnerability CVE-2023-0361**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgnutls30 | 3.6.13-2ubuntu1.1 | 3.6.13-2ubuntu1.8 | deb | /usr/share/doc/libgnutls30/copyright | ubuntu:distro:ubuntu:20.04 | [CVE-2023-0361](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0361) |\n" }, "properties": { "security-severity": "7.5" } } ] } }, "results": [ { "ruleId": "CVE-2016-10228-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2016-10228-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2018-25032-zlib1g", "message": { "text": "The path /usr/share/doc/zlib1g/copyright reports zlib1g at version 1:1.2.11.dfsg-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/zlib1g/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/zlib1g/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/zlib1g/copyright" }, { "name": "/var/lib/dpkg/info/zlib1g:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/zlib1g:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2019-18276-bash", "message": { "text": "The path /usr/share/doc/bash/copyright reports bash at version 5.0-6ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/bash/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/bash/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/bash/copyright" }, { "name": "/var/lib/dpkg/info/bash.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/bash.conffiles" }, { "name": "/var/lib/dpkg/info/bash.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/bash.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2019-20838-libpcre3", "message": { "text": "The path /usr/share/doc/libpcre3/copyright reports libpcre3 at version 2:8.39-12build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpcre3/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpcre3/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpcre3/copyright" }, { "name": "/var/lib/dpkg/info/libpcre3:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpcre3:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2019-25013-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2019-25013-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2019-9923-tar", "message": { "text": "The path /usr/share/doc/tar/copyright reports tar at version 1.30+dfsg-7 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/tar/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/tar/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/tar/copyright" }, { "name": "/var/lib/dpkg/info/tar.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/tar.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-10543-perl-base", "message": { "text": "The path /usr/share/doc/perl-base/copyright reports perl-base at version 5.30.0-9build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/perl-base/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/perl-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/perl-base/copyright" }, { "name": "/var/lib/dpkg/info/perl-base.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/perl-base.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-10878-perl-base", "message": { "text": "The path /usr/share/doc/perl-base/copyright reports perl-base at version 5.30.0-9build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/perl-base/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/perl-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/perl-base/copyright" }, { "name": "/var/lib/dpkg/info/perl-base.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/perl-base.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-12723-perl-base", "message": { "text": "The path /usr/share/doc/perl-base/copyright reports perl-base at version 5.30.0-9build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/perl-base/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/perl-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/perl-base/copyright" }, { "name": "/var/lib/dpkg/info/perl-base.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/perl-base.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-13529-libsystemd0", "message": { "text": "The path /usr/share/doc/libsystemd0/copyright reports libsystemd0 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsystemd0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsystemd0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsystemd0/copyright" }, { "name": "/var/lib/dpkg/info/libsystemd0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsystemd0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-13529-libudev1", "message": { "text": "The path /usr/share/doc/libudev1/copyright reports libudev1 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libudev1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libudev1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libudev1/copyright" }, { "name": "/var/lib/dpkg/info/libudev1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libudev1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-13844-gcc-10-base", "message": { "text": "The path /usr/share/doc/gcc-10-base/copyright reports gcc-10-base at version 10-20200411-0ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/gcc-10-base/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/gcc-10-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/gcc-10-base/copyright" }, { "name": "/var/lib/dpkg/info/gcc-10-base:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/gcc-10-base:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-13844-libgcc-s1", "message": { "text": "The path /usr/share/doc/libgcc-s1/copyright reports libgcc-s1 at version 10-20200411-0ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgcc-s1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/gcc-10-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgcc-s1/copyright" }, { "name": "/var/lib/dpkg/info/libgcc-s1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgcc-s1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-13844-libstdc++6", "message": { "text": "The path /usr/share/doc/libstdc++6/copyright reports libstdc++6 at version 10-20200411-0ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libstdc++6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/gcc-10-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libstdc++6/copyright" }, { "name": "/var/lib/dpkg/info/libstdc++6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libstdc++6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-14155-libpcre3", "message": { "text": "The path /usr/share/doc/libpcre3/copyright reports libpcre3 at version 2:8.39-12build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpcre3/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpcre3/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpcre3/copyright" }, { "name": "/var/lib/dpkg/info/libpcre3:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpcre3:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-16156-perl-base", "message": { "text": "The path /usr/share/doc/perl-base/copyright reports perl-base at version 5.30.0-9build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/perl-base/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/perl-base/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/perl-base/copyright" }, { "name": "/var/lib/dpkg/info/perl-base.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/perl-base.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-24659-libgnutls30", "message": { "text": "The path /usr/share/doc/libgnutls30/copyright reports libgnutls30 at version 3.6.13-2ubuntu1.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgnutls30/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgnutls30/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgnutls30/copyright" }, { "name": "/var/lib/dpkg/info/libgnutls30:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgnutls30:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-27350-apt", "message": { "text": "The path /usr/share/doc/apt/copyright reports apt at version 2.0.2ubuntu0.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/apt/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/apt/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/apt/copyright" }, { "name": "/var/lib/dpkg/info/apt.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/apt.conffiles" }, { "name": "/var/lib/dpkg/info/apt.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/apt.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-27350-libapt-pkg6.0", "message": { "text": "The path /usr/share/doc/libapt-pkg6.0/copyright reports libapt-pkg6.0 at version 2.0.2ubuntu0.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libapt-pkg6.0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libapt-pkg6.0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libapt-pkg6.0/copyright" }, { "name": "/var/lib/dpkg/info/libapt-pkg6.0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libapt-pkg6.0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-27618-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-27618-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-29361-libp11-kit0", "message": { "text": "The path /usr/share/doc/libp11-kit0/copyright reports libp11-kit0 at version 0.23.20-1build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libp11-kit0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libp11-kit0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libp11-kit0/copyright" }, { "name": "/var/lib/dpkg/info/libp11-kit0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libp11-kit0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-29362-libp11-kit0", "message": { "text": "The path /usr/share/doc/libp11-kit0/copyright reports libp11-kit0 at version 0.23.20-1build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libp11-kit0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libp11-kit0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libp11-kit0/copyright" }, { "name": "/var/lib/dpkg/info/libp11-kit0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libp11-kit0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-29363-libp11-kit0", "message": { "text": "The path /usr/share/doc/libp11-kit0/copyright reports libp11-kit0 at version 0.23.20-1build1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libp11-kit0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libp11-kit0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libp11-kit0/copyright" }, { "name": "/var/lib/dpkg/info/libp11-kit0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libp11-kit0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-29562-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-29562-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-6096-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2020-6096-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-20193-tar", "message": { "text": "The path /usr/share/doc/tar/copyright reports tar at version 1.30+dfsg-7 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/tar/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/tar/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/tar/copyright" }, { "name": "/var/lib/dpkg/info/tar.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/tar.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-20231-libgnutls30", "message": { "text": "The path /usr/share/doc/libgnutls30/copyright reports libgnutls30 at version 3.6.13-2ubuntu1.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgnutls30/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgnutls30/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgnutls30/copyright" }, { "name": "/var/lib/dpkg/info/libgnutls30:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgnutls30:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-20232-libgnutls30", "message": { "text": "The path /usr/share/doc/libgnutls30/copyright reports libgnutls30 at version 3.6.13-2ubuntu1.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgnutls30/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgnutls30/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgnutls30/copyright" }, { "name": "/var/lib/dpkg/info/libgnutls30:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgnutls30:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-20305-libhogweed5", "message": { "text": "The path /usr/share/doc/libhogweed5/copyright reports libhogweed5 at version 3.5.1+really3.5.1-2 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libhogweed5/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libnettle7/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libhogweed5/copyright" }, { "name": "/var/lib/dpkg/info/libhogweed5:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libhogweed5:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-20305-libnettle7", "message": { "text": "The path /usr/share/doc/libnettle7/copyright reports libnettle7 at version 3.5.1+really3.5.1-2 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libnettle7/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libnettle7/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libnettle7/copyright" }, { "name": "/var/lib/dpkg/info/libnettle7:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libnettle7:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-24031-libzstd1", "message": { "text": "The path /usr/share/doc/libzstd1/copyright reports libzstd1 at version 1.4.4+dfsg-3 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libzstd1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libzstd1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libzstd1/copyright" }, { "name": "/var/lib/dpkg/info/libzstd1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libzstd1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-24032-libzstd1", "message": { "text": "The path /usr/share/doc/libzstd1/copyright reports libzstd1 at version 1.4.4+dfsg-3 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libzstd1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libzstd1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libzstd1/copyright" }, { "name": "/var/lib/dpkg/info/libzstd1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libzstd1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-27645-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-27645-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3326-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3326-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-33560-libgcrypt20", "message": { "text": "The path /usr/share/doc/libgcrypt20/copyright reports libgcrypt20 at version 1.8.5-5ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgcrypt20/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgcrypt20/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgcrypt20/copyright" }, { "name": "/var/lib/dpkg/info/libgcrypt20:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgcrypt20:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-33910-libsystemd0", "message": { "text": "The path /usr/share/doc/libsystemd0/copyright reports libsystemd0 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsystemd0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsystemd0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsystemd0/copyright" }, { "name": "/var/lib/dpkg/info/libsystemd0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsystemd0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-33910-libudev1", "message": { "text": "The path /usr/share/doc/libudev1/copyright reports libudev1 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libudev1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libudev1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libudev1/copyright" }, { "name": "/var/lib/dpkg/info/libudev1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libudev1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3520-liblz4-1", "message": { "text": "The path /usr/share/doc/liblz4-1/copyright reports liblz4-1 at version 1.9.2-2 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/liblz4-1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/liblz4-1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/liblz4-1/copyright" }, { "name": "/var/lib/dpkg/info/liblz4-1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/liblz4-1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3580-libhogweed5", "message": { "text": "The path /usr/share/doc/libhogweed5/copyright reports libhogweed5 at version 3.5.1+really3.5.1-2 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libhogweed5/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libnettle7/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libhogweed5/copyright" }, { "name": "/var/lib/dpkg/info/libhogweed5:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libhogweed5:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3580-libnettle7", "message": { "text": "The path /usr/share/doc/libnettle7/copyright reports libnettle7 at version 3.5.1+really3.5.1-2 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libnettle7/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libnettle7/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libnettle7/copyright" }, { "name": "/var/lib/dpkg/info/libnettle7:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libnettle7:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-35942-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-35942-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-36084-libsepol1", "message": { "text": "The path /usr/share/doc/libsepol1/copyright reports libsepol1 at version 3.0-1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsepol1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsepol1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsepol1/copyright" }, { "name": "/var/lib/dpkg/info/libsepol1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsepol1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-36085-libsepol1", "message": { "text": "The path /usr/share/doc/libsepol1/copyright reports libsepol1 at version 3.0-1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsepol1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsepol1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsepol1/copyright" }, { "name": "/var/lib/dpkg/info/libsepol1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsepol1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-36086-libsepol1", "message": { "text": "The path /usr/share/doc/libsepol1/copyright reports libsepol1 at version 3.0-1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsepol1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsepol1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsepol1/copyright" }, { "name": "/var/lib/dpkg/info/libsepol1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsepol1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-36087-libsepol1", "message": { "text": "The path /usr/share/doc/libsepol1/copyright reports libsepol1 at version 3.0-1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsepol1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsepol1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsepol1/copyright" }, { "name": "/var/lib/dpkg/info/libsepol1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsepol1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-bsdutils", "message": { "text": "The path /usr/share/doc/bsdutils/copyright reports bsdutils at version 1:2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/bsdutils/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/bsdutils/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/bsdutils/copyright" }, { "name": "/var/lib/dpkg/info/bsdutils.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/bsdutils.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-fdisk", "message": { "text": "The path /usr/share/doc/fdisk/copyright reports fdisk at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/fdisk/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/fdisk/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/fdisk/copyright" }, { "name": "/var/lib/dpkg/info/fdisk.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/fdisk.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-libblkid1", "message": { "text": "The path /usr/share/doc/libblkid1/copyright reports libblkid1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libblkid1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libblkid1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libblkid1/copyright" }, { "name": "/var/lib/dpkg/info/libblkid1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libblkid1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-libfdisk1", "message": { "text": "The path /usr/share/doc/libfdisk1/copyright reports libfdisk1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libfdisk1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libfdisk1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libfdisk1/copyright" }, { "name": "/var/lib/dpkg/info/libfdisk1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libfdisk1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-libmount1", "message": { "text": "The path /usr/share/doc/libmount1/copyright reports libmount1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libmount1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libmount1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libmount1/copyright" }, { "name": "/var/lib/dpkg/info/libmount1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libmount1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-libsmartcols1", "message": { "text": "The path /usr/share/doc/libsmartcols1/copyright reports libsmartcols1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsmartcols1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsmartcols1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsmartcols1/copyright" }, { "name": "/var/lib/dpkg/info/libsmartcols1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsmartcols1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-libuuid1", "message": { "text": "The path /usr/share/doc/libuuid1/copyright reports libuuid1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libuuid1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libuuid1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libuuid1/copyright" }, { "name": "/var/lib/dpkg/info/libuuid1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libuuid1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-mount", "message": { "text": "The path /usr/share/doc/mount/copyright reports mount at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/mount/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/mount/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/mount/copyright" }, { "name": "/var/lib/dpkg/info/mount.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/mount.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3995-util-linux", "message": { "text": "The path /usr/share/doc/util-linux/copyright reports util-linux at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/util-linux/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/util-linux/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/util-linux/copyright" }, { "name": "/var/lib/dpkg/info/util-linux.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/util-linux.conffiles" }, { "name": "/var/lib/dpkg/info/util-linux.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/util-linux.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-bsdutils", "message": { "text": "The path /usr/share/doc/bsdutils/copyright reports bsdutils at version 1:2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/bsdutils/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/bsdutils/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/bsdutils/copyright" }, { "name": "/var/lib/dpkg/info/bsdutils.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/bsdutils.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-fdisk", "message": { "text": "The path /usr/share/doc/fdisk/copyright reports fdisk at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/fdisk/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/fdisk/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/fdisk/copyright" }, { "name": "/var/lib/dpkg/info/fdisk.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/fdisk.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-libblkid1", "message": { "text": "The path /usr/share/doc/libblkid1/copyright reports libblkid1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libblkid1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libblkid1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libblkid1/copyright" }, { "name": "/var/lib/dpkg/info/libblkid1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libblkid1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-libfdisk1", "message": { "text": "The path /usr/share/doc/libfdisk1/copyright reports libfdisk1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libfdisk1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libfdisk1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libfdisk1/copyright" }, { "name": "/var/lib/dpkg/info/libfdisk1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libfdisk1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-libmount1", "message": { "text": "The path /usr/share/doc/libmount1/copyright reports libmount1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libmount1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libmount1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libmount1/copyright" }, { "name": "/var/lib/dpkg/info/libmount1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libmount1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-libsmartcols1", "message": { "text": "The path /usr/share/doc/libsmartcols1/copyright reports libsmartcols1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsmartcols1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsmartcols1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsmartcols1/copyright" }, { "name": "/var/lib/dpkg/info/libsmartcols1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsmartcols1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-libuuid1", "message": { "text": "The path /usr/share/doc/libuuid1/copyright reports libuuid1 at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libuuid1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libuuid1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libuuid1/copyright" }, { "name": "/var/lib/dpkg/info/libuuid1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libuuid1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-mount", "message": { "text": "The path /usr/share/doc/mount/copyright reports mount at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/mount/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/mount/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/mount/copyright" }, { "name": "/var/lib/dpkg/info/mount.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/mount.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3996-util-linux", "message": { "text": "The path /usr/share/doc/util-linux/copyright reports util-linux at version 2.34-0.1ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/util-linux/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/util-linux/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/util-linux/copyright" }, { "name": "/var/lib/dpkg/info/util-linux.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/util-linux.conffiles" }, { "name": "/var/lib/dpkg/info/util-linux.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/util-linux.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3997-libsystemd0", "message": { "text": "The path /usr/share/doc/libsystemd0/copyright reports libsystemd0 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsystemd0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsystemd0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsystemd0/copyright" }, { "name": "/var/lib/dpkg/info/libsystemd0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsystemd0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3997-libudev1", "message": { "text": "The path /usr/share/doc/libudev1/copyright reports libudev1 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libudev1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libudev1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libudev1/copyright" }, { "name": "/var/lib/dpkg/info/libudev1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libudev1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3999-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-3999-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-40528-libgcrypt20", "message": { "text": "The path /usr/share/doc/libgcrypt20/copyright reports libgcrypt20 at version 1.8.5-5ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgcrypt20/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgcrypt20/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgcrypt20/copyright" }, { "name": "/var/lib/dpkg/info/libgcrypt20:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgcrypt20:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-4209-libgnutls30", "message": { "text": "The path /usr/share/doc/libgnutls30/copyright reports libgnutls30 at version 3.6.13-2ubuntu1.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgnutls30/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgnutls30/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgnutls30/copyright" }, { "name": "/var/lib/dpkg/info/libgnutls30:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgnutls30:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2021-43618-libgmp10", "message": { "text": "The path /usr/share/doc/libgmp10/copyright reports libgmp10 at version 2:6.2.0+dfsg-4 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgmp10/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgmp10/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgmp10/copyright" }, { "name": "/var/lib/dpkg/info/libgmp10:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgmp10:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1271-gzip", "message": { "text": "The path /usr/share/doc/gzip/copyright reports gzip at version 1.10-0ubuntu4 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/gzip/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/gzip/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/gzip/copyright" }, { "name": "/var/lib/dpkg/info/gzip.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/gzip.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1271-liblzma5", "message": { "text": "The path /usr/share/doc/liblzma5/copyright reports liblzma5 at version 5.2.4-1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/liblzma5/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/liblzma5/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/liblzma5/copyright" }, { "name": "/var/lib/dpkg/info/liblzma5:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/liblzma5:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1304-e2fsprogs", "message": { "text": "The path /usr/share/doc/e2fsprogs/copyright reports e2fsprogs at version 1.45.5-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/e2fsprogs/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/e2fsprogs/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/e2fsprogs/copyright" }, { "name": "/var/lib/dpkg/info/e2fsprogs.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/e2fsprogs.conffiles" }, { "name": "/var/lib/dpkg/info/e2fsprogs.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/e2fsprogs.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1304-libcom-err2", "message": { "text": "The path /usr/share/doc/libcom-err2/copyright reports libcom-err2 at version 1.45.5-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libcom-err2/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libcom-err2/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libcom-err2/copyright" }, { "name": "/var/lib/dpkg/info/libcom-err2:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libcom-err2:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1304-libext2fs2", "message": { "text": "The path /usr/share/doc/libext2fs2/copyright reports libext2fs2 at version 1.45.5-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libext2fs2/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libext2fs2/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libext2fs2/copyright" }, { "name": "/var/lib/dpkg/info/libext2fs2:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libext2fs2:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1304-libss2", "message": { "text": "The path /usr/share/doc/libss2/copyright reports libss2 at version 1.45.5-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libss2/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libss2/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libss2/copyright" }, { "name": "/var/lib/dpkg/info/libss2:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libss2:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1304-logsave", "message": { "text": "The path /usr/share/doc/logsave/copyright reports logsave at version 1.45.5-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/logsave/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/logsave/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/logsave/copyright" }, { "name": "/var/lib/dpkg/info/logsave.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/logsave.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1586-libpcre2-8-0", "message": { "text": "The path /usr/share/doc/libpcre2-8-0/copyright reports libpcre2-8-0 at version 10.34-7 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpcre2-8-0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpcre2-8-0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpcre2-8-0/copyright" }, { "name": "/var/lib/dpkg/info/libpcre2-8-0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpcre2-8-0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1587-libpcre2-8-0", "message": { "text": "The path /usr/share/doc/libpcre2-8-0/copyright reports libpcre2-8-0 at version 10.34-7 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpcre2-8-0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpcre2-8-0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpcre2-8-0/copyright" }, { "name": "/var/lib/dpkg/info/libpcre2-8-0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpcre2-8-0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-1664-dpkg", "message": { "text": "The path /usr/share/doc/dpkg/copyright reports dpkg at version 1.19.7ubuntu3 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/dpkg/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/dpkg/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/dpkg/copyright" }, { "name": "/var/lib/dpkg/info/dpkg.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/dpkg.conffiles" }, { "name": "/var/lib/dpkg/info/dpkg.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/dpkg.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-23218-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-23218-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-23219-libc-bin", "message": { "text": "The path /usr/share/doc/libc-bin/copyright reports libc-bin at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc-bin/copyright" }, { "name": "/var/lib/dpkg/info/libc-bin.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.conffiles" }, { "name": "/var/lib/dpkg/info/libc-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-23219-libc6", "message": { "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.31-0ubuntu9 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libc6/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libc6/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libc6/copyright" }, { "name": "/var/lib/dpkg/info/libc6:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libc6:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libc6:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-2509-libgnutls30", "message": { "text": "The path /usr/share/doc/libgnutls30/copyright reports libgnutls30 at version 3.6.13-2ubuntu1.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgnutls30/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgnutls30/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgnutls30/copyright" }, { "name": "/var/lib/dpkg/info/libgnutls30:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgnutls30:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-28321-libpam-modules", "message": { "text": "The path /usr/share/doc/libpam-modules/copyright reports libpam-modules at version 1.3.1-5ubuntu4 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpam-modules/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpam-modules/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpam-modules/copyright" }, { "name": "/var/lib/dpkg/info/libpam-modules:amd64.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpam-modules:amd64.conffiles" }, { "name": "/var/lib/dpkg/info/libpam-modules:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpam-modules:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-28321-libpam-modules-bin", "message": { "text": "The path /usr/share/doc/libpam-modules-bin/copyright reports libpam-modules-bin at version 1.3.1-5ubuntu4 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpam-modules-bin/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpam-modules-bin/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpam-modules-bin/copyright" }, { "name": "/var/lib/dpkg/info/libpam-modules-bin.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpam-modules-bin.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-28321-libpam-runtime", "message": { "text": "The path /usr/share/doc/libpam-runtime/copyright reports libpam-runtime at version 1.3.1-5ubuntu4 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpam-runtime/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpam-runtime/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpam-runtime/copyright" }, { "name": "/var/lib/dpkg/info/libpam-runtime.conffiles", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpam-runtime.conffiles" }, { "name": "/var/lib/dpkg/info/libpam-runtime.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpam-runtime.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-28321-libpam0g", "message": { "text": "The path /usr/share/doc/libpam0g/copyright reports libpam0g at version 1.3.1-5ubuntu4 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libpam0g/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libpam0g/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libpam0g/copyright" }, { "name": "/var/lib/dpkg/info/libpam0g:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libpam0g:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-34903-gpgv", "message": { "text": "The path /usr/share/doc/gpgv/copyright reports gpgv at version 2.2.19-3ubuntu2 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/gpgv/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/gpgv/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/gpgv/copyright" }, { "name": "/var/lib/dpkg/info/gpgv.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/gpgv.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-37434-zlib1g", "message": { "text": "The path /usr/share/doc/zlib1g/copyright reports zlib1g at version 1:1.2.11.dfsg-2ubuntu1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/zlib1g/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/zlib1g/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/zlib1g/copyright" }, { "name": "/var/lib/dpkg/info/zlib1g:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/zlib1g:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-3821-libsystemd0", "message": { "text": "The path /usr/share/doc/libsystemd0/copyright reports libsystemd0 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsystemd0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsystemd0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsystemd0/copyright" }, { "name": "/var/lib/dpkg/info/libsystemd0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsystemd0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-3821-libudev1", "message": { "text": "The path /usr/share/doc/libudev1/copyright reports libudev1 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libudev1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libudev1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libudev1/copyright" }, { "name": "/var/lib/dpkg/info/libudev1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libudev1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-4415-libsystemd0", "message": { "text": "The path /usr/share/doc/libsystemd0/copyright reports libsystemd0 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libsystemd0/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libsystemd0/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libsystemd0/copyright" }, { "name": "/var/lib/dpkg/info/libsystemd0:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libsystemd0:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-4415-libudev1", "message": { "text": "The path /usr/share/doc/libudev1/copyright reports libudev1 at version 245.4-4ubuntu3.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libudev1/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libudev1/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libudev1/copyright" }, { "name": "/var/lib/dpkg/info/libudev1:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libudev1:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2022-48303-tar", "message": { "text": "The path /usr/share/doc/tar/copyright reports tar at version 1.30+dfsg-7 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/tar/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/tar/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/tar/copyright" }, { "name": "/var/lib/dpkg/info/tar.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/tar.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] }, { "ruleId": "CVE-2023-0361-libgnutls30", "message": { "text": "The path /usr/share/doc/libgnutls30/copyright reports libgnutls30 at version 3.6.13-2ubuntu1.1 which is a vulnerable (deb) package installed in the container" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "image//usr/share/doc/libgnutls30/copyright" }, "region": { "startLine": 1, "startColumn": 1, "endLine": 1, "endColumn": 1 } }, "logicalLocations": [ { "name": "/usr/share/doc/libgnutls30/copyright", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/usr/share/doc/libgnutls30/copyright" }, { "name": "/var/lib/dpkg/info/libgnutls30:amd64.md5sums", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/info/libgnutls30:amd64.md5sums" }, { "name": "/var/lib/dpkg/status", "fullyQualifiedName": "docker.io/library/ubuntu:focal-20200606@sha256:e1c75a5e0bfa094c407e411eb6cc8a159ee8b060cbd0398f1693978b4af9af10:/var/lib/dpkg/status" } ] } ] } ] } ] }