# Image Vulnerability Scanning (Trivy)

### 1. Scanning images with Trivy <a href="#id-3_trivy_19" id="id-3_trivy_19"></a>

GitHub: <https://github.com/aquasecurity/trivy>

![](https://img-blog.csdnimg.cn/20210521112950570.png?shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3hpeGloYWhhbGVsZWhlaGU=,size_16,color_FFFFFF,t_70)
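In the session below, piping Trivy's table through `grep CRITICAL` returns only two rows although the summary line reports 12 CRITICAL findings: the table leaves the SEVERITY cell blank on rows that share the severity of the row above, and the border line before such a row has spaces instead of dashes in that column. The following added example (not part of the original page) parses a table in that layout and carries merged cells forward; the table, library names and CVE-0000-… ids in it are constructed placeholders.

```python
COLUMNS = ("library", "vuln_id", "severity", "installed", "fixed", "title")

# Constructed sample in the layout Trivy prints in the session on this page.
SAMPLE_TABLE = """\
+-------------+------------------+----------+-------------------+---------------+----------------------+
|   LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |        TITLE         |
+-------------+------------------+----------+-------------------+---------------+----------------------+
| libexample1 | CVE-0000-0001    | CRITICAL | 1.0-1             |               | example: first issue |
|             |                  |          |                   |               | -->example.invalid/1 |
+             +------------------+          +                   +---------------+----------------------+
|             | CVE-0000-0002    |          |                   | 1.0-2         | example: second      |
|             |                  |          |                   |               | issue, wrapped title |
+             +------------------+----------+                   +---------------+----------------------+
|             | CVE-0000-0003    | LOW      |                   |               | example: third issue |
+-------------+------------------+          +-------------------+---------------+----------------------+
| libexample2 | CVE-0000-0004    |          | 2.0-1             |               | example: fourth      |
+-------------+------------------+----------+-------------------+---------------+----------------------+
"""


def parse_trivy_table(text):
    """Return one dict per finding, resolving merged (blank) cells."""
    findings = []
    merged = [False] * len(COLUMNS)  # columns that continue the cell above
    new_row = False                  # True right after a border line
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("+"):
            # Border line: a segment of spaces means "merged with the row above".
            segments = line.strip("+").split("+")
            if len(segments) == len(COLUMNS):
                merged = [seg.strip() == "" for seg in segments]
                new_row = True
            continue
        if not line.startswith("|"):
            continue  # log lines, summary line, blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(COLUMNS):
            continue  # truncated or malformed row
        if cells[1] == "VULNERABILITY ID":
            new_row, current = False, None  # header row
            continue
        if new_row:
            previous = findings[-1] if findings else {}
            current = {"link": ""}
            for i, name in enumerate(COLUMNS):
                if merged[i] and not cells[i]:
                    current[name] = previous.get(name, "")
                else:
                    # A blank cell under a dashed border is a real empty value,
                    # e.g. no fixed version available.
                    current[name] = cells[i]
            findings.append(current)
            new_row = False
        elif current is not None:
            # Continuation line: wrapped title text or the advisory link.
            extra = cells[5]
            if extra.startswith("-->"):
                current["link"] = extra[3:]
            elif extra:
                current["title"] = (current["title"] + " " + extra).strip()
    return findings


def by_severity(findings, severity):
    """Findings whose resolved severity equals `severity`."""
    return [f for f in findings if f["severity"] == severity]


def grep_count(text, needle):
    """What `grep needle` would return: number of lines containing it."""
    return sum(1 for line in text.splitlines() if needle in line)


if __name__ == "__main__":
    parsed = parse_trivy_table(SAMPLE_TABLE)
    print("grep CRITICAL lines:", grep_count(SAMPLE_TABLE, "CRITICAL"))
    for f in by_severity(parsed, "CRITICAL"):
        print(f["library"], f["vuln_id"], f["installed"], f["fixed"] or "(no fix)")
```

Trivy's own `--severity CRITICAL` option, or its JSON output via `--format json`, avoids scraping the table at all.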

```
root@node1:~/cks/vul-scan# docker run ghcr.io/aquasecurity/trivy:latest image nginx:latest
2021-05-21T07:53:24.540Z	INFO	Need to update DB
2021-05-21T07:53:24.540Z	INFO	Downloading DB...
2021-05-21T07:53:44.550Z	FATAL	DB error: failed to download vulnerability DB: failed to download vulnerability DB: failed to list releases: Get "https://api.github.com/repos/aquasecurity/trivy-db/releases": dial tcp: lookup api.github.com on 8.8.8.8:53: read udp 172.17.0.3:37595->8.8.8.8:53: i/o timeout
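# The DB download failed because DNS lookups from the container's bridge network timed out; retry on the host network
root@node1:~/cks/vul-scan# docker run --net=host ghcr.io/aquasecurity/trivy:latest image nginx:latest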
2021-05-21T07:53:57.092Z	INFO	Need to update DB
2021-05-21T07:53:57.092Z	INFO	Downloading DB...
2021-05-21T07:54:20.382Z	INFO	Detected OS: debian
2021-05-21T07:54:20.382Z	INFO	Detecting Debian vulnerabilities...
2021-05-21T07:54:20.437Z	INFO	Number of PL dependency files: 1

nginx:latest (debian 10.9)
==========================
Total: 164 (UNKNOWN: 0, LOW: 110, MEDIUM: 13, HIGH: 29, CRITICAL: 12)

+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
|     LIBRARY      |  VULNERABILITY ID   | SEVERITY |     INSTALLED VERSION     | FIXED VERSION |                            TITLE                             |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| apt              | CVE-2011-3374       | LOW      | 1.8.2.3                   |               | It was found that apt-key in apt,                            |
|                  |                     |          |                           |               | all versions, do not correctly...                            |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+------------------+---------------------+          +---------------------------+---------------+--------------------------------------------------------------+
| bash             | CVE-2019-18276      |          | 5.0-4                     |               | bash: when effective UID is not                              |
|                  |                     |          |                           |               | equal to its real UID the...                                 |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-18276                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | TEMP-0841856-B18BAF |          |                           |               | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF   |
+------------------+---------------------+          +---------------------------+---------------+--------------------------------------------------------------+
| coreutils        | CVE-2016-2781       |          | 8.30-3                    |               | coreutils: Non-privileged                                    |
|                  |                     |          |                           |               | session can escape to the                                    |
|                  |                     |          |                           |               | parent session in chroot                                     |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2016-2781                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2017-18018      |          |                           |               | coreutils: race condition                                    |
|                  |                     |          |                           |               | vulnerability in chown and chgrp                             |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2017-18018                        |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| gcc-8-base       | CVE-2018-12886      | HIGH     | 8.3.0-6                   |               | gcc: spilling of stack                                       |
|                  |                     |          |                           |               | protection address in cfgexpand.c                            |
|                  |                     |          |                           |               | and function.c leads to...                                   |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-15847      |          |                           |               | gcc: POWER9 "DARN" RNG intrinsic                             |
|                  |                     |          |                           |               | produces repeated output                                     |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| gpgv             | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1          |               | gnupg2: OpenPGP Key Certification                            |
|                  |                     |          |                           |               | Forgeries with SHA-1                                         |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-14855                        |
+------------------+---------------------+          +---------------------------+---------------+--------------------------------------------------------------+
| libapt-pkg5.0    | CVE-2011-3374       |          | 1.8.2.3                   |               | It was found that apt-key in apt,                            |
|                  |                     |          |                           |               | all versions, do not correctly...                            |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| libc-bin         | CVE-2020-1751       | HIGH     | 2.28-10                   |               | glibc: array overflow in                                     |
|                  |                     |          |                           |               | backtrace functions for powerpc                              |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2020-1752       |          |                           |               | glibc: use-after-free in glob()                              |
|                  |                     |          |                           |               | function when expanding ~user                                |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2021-3326       |          |                           |               | glibc: Assertion failure in                                  |
|                  |                     |          |                           |               | ISO-2022-JP-3 gconv module                                   |
|                  |                     |          |                           |               | related to combining characters                              |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                  +---------------------+----------+                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-25013      | MEDIUM   |                           |               | glibc: buffer over-read in                                   |
|                  |                     |          |                           |               | iconv when processing invalid                                |
|                  |                     |          |                           |               | multi-byte input sequences in...                             |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2020-10029      |          |                           |               | glibc: stack corruption                                      |
|                  |                     |          |                           |               | from crafted input in cosl,                                  |
|                  |                     |          |                           |               | sinl, sincosl, and tanl...                                   |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2020-27618      |          |                           |               | glibc: iconv when processing                                 |
|                  |                     |          |                           |               | invalid multi-byte input                                     |
|                  |                     |          |                           |               | sequences fails to advance the...                            |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                  +---------------------+----------+                           +---------------+--------------------------------------------------------------+
|                  | CVE-2010-4051       | LOW      |                           |               | CVE-2010-4052 glibc: De-recursivise                          |
|                  |                     |          |                           |               | regular expression engine                                    |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2010-4052       |          |                           |               | CVE-2010-4051 CVE-2010-4052                                  |
|                  |                     |          |                           |               | glibc: De-recursivise                                        |
|                  |                     |          |                           |               | regular expression engine                                    |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2010-4756       |          |                           |               | glibc: glob implementation                                   |
|                  |                     |          |                           |               | can cause excessive CPU and                                  |
|                  |                     |          |                           |               | memory consumption due to...                                 |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2016-10228      |          |                           |               | glibc: iconv program can hang                                |
|                  |                     |          |                           |               | when invoked with the -c option                              |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2018-20796      |          |                           |               | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |               | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |               | in posix/regexec.c                                           |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-1010022    |          |                           |               | glibc: stack guard protection bypass                         |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-1010023    |          |                           |               | glibc: running ldd on malicious ELF                          |
|                  |                     |          |                           |               | leads to code execution because of...                        |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-1010024    |          |                           |               | glibc: ASLR bypass using                                     |
|                  |                     |          |                           |               | cache of thread stack and heap                               |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-1010025    |          |                           |               | glibc: information disclosure of heap                        |
|                  |                     |          |                           |               | addresses of pthread_created thread                          |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-19126      |          |                           |               | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                  |                     |          |                           |               | not ignored in setuid binaries                               |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2019-9192       |          |                           |               | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |               | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |               | in posix/regexec.c                                           |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2020-6096       |          |                           |               | glibc: signed comparison                                     |
|                  |                     |          |                           |               | vulnerability in the                                         |
|                  |                     |          |                           |               | ARMv7 memcpy function                                        |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+                  +---------------------+          +                           +---------------+--------------------------------------------------------------+
|                  | CVE-2021-27645      |          |                           |               | glibc: Use-after-free in                                     |
|                  |                     |          |                           |               | addgetnetgrentX function                                     |
|                  |                     |          |                           |               | in netgroupcache.c                                           |
|                  |                     |          |                           |               | -->avd.aquasec.com/nvd/cve-2021-27645                        |




# Filter for the critical packages
root@node1:~/cks/vul-scan# docker run --net=host ghcr.io/aquasecurity/trivy:latest image nginx:latest | grep CRITICAL
Total: 164 (UNKNOWN: 0, LOW: 110, MEDIUM: 13, HIGH: 29, CRITICAL: 12)
| libgnutls30      | CVE-2021-20231      | CRITICAL | 3.6.7-4+deb10u6           |               | gnutls: Use after free in                                    |
| libwebp6         | CVE-2018-25009      | CRITICAL | 0.6.1-2                   |               | libwebp: out-of-bounds read                  





# Try a different image version
root@node1:~/cks/vul-scan# docker run --net=host ghcr.io/aquasecurity/trivy:latest image nginx:1.16-alpine
2021-05-21T07:59:24.605Z	INFO	Need to update DB
2021-05-21T07:59:24.605Z	INFO	Downloading DB...
2021-05-21T08:00:41.674Z	INFO	Detected OS: alpine
2021-05-21T08:00:41.674Z	INFO	Detecting Alpine vulnerabilities...
2021-05-21T08:00:41.680Z	INFO	Number of PL dependency files: 0
2021-05-21T08:00:41.680Z	WARN	This OS version is no longer supported by the distribution: alpine 3.10.4
2021-05-21T08:00:41.680Z	WARN	The vulnerability detection may be insufficient because security updates are not provided

nginx:1.16-alpine (alpine 3.10.4)
=================================
Total: 26 (UNKNOWN: 0, LOW: 2, MEDIUM: 13, HIGH: 11, CRITICAL: 0)

+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
|    LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| apk-tools     | CVE-2021-30139   | HIGH     | 2.10.4-r2         | 2.10.6-r0     | In Alpine Linux apk-tools             |
|               |                  |          |                   |               | before 2.12.5, the tarball            |
|               |                  |          |                   |               | parser allows a buffer...             |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-30139 |
+---------------+------------------+          +-------------------+---------------+---------------------------------------+
| busybox       | CVE-2021-28831   |          | 1.30.1-r3         | 1.30.1-r5     | busybox: invalid free or segmentation |
|               |                  |          |                   |               | fault via malformed gzip data         |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-28831 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| freetype      | CVE-2020-15999   | MEDIUM   | 2.10.0-r0         | 2.10.0-r1     | freetype: Heap-based buffer           |
|               |                  |          |                   |               | overflow due to integer               |
|               |                  |          |                   |               | truncation in Load_SBit_Png           |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-15999 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcrypto1.1  | CVE-2020-1967    | HIGH     | 1.1.1d-r2         | 1.1.1g-r0     | openssl: Segmentation                 |
|               |                  |          |                   |               | fault in SSL_check_chain              |
|               |                  |          |                   |               | causes denial of service              |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-1967  |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-23840   |          |                   | 1.1.1j-r0     | openssl: integer                      |
|               |                  |          |                   |               | overflow in CipherUpdate              |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23840 |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-3450    |          |                   | 1.1.1k-r0     | openssl: CA certificate check         |
|               |                  |          |                   |               | bypass with X509_V_FLAG_X509_STRICT   |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3450  |
+               +------------------+----------+                   +---------------+---------------------------------------+
|               | CVE-2020-1971    | MEDIUM   |                   | 1.1.1i-r0     | openssl: EDIPARTYNAME                 |
|               |                  |          |                   |               | NULL pointer de-reference             |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-1971  |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-23841   |          |                   | 1.1.1j-r0     | openssl: NULL pointer dereference     |
|               |                  |          |                   |               | in X509_issuer_and_serial_hash()      |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23841 |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-3449    |          |                   | 1.1.1k-r0     | openssl: NULL pointer dereference     |
|               |                  |          |                   |               | in signature_algorithms processing    |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3449  |
+               +------------------+----------+                   +---------------+---------------------------------------+
|               | CVE-2021-23839   | LOW      |                   | 1.1.1j-r0     | openssl: incorrect SSLv2              |
|               |                  |          |                   |               | rollback protection                   |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23839 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libgd         | CVE-2018-14553   | HIGH     | 2.2.5-r2          | 2.2.5-r3      | gd: NULL pointer                      |
|               |                  |          |                   |               | dereference in gdImageClone           |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-14553 |
+               +------------------+----------+                   +               +---------------------------------------+
|               | CVE-2019-11038   | MEDIUM   |                   |               | gd: Information disclosure            |
|               |                  |          |                   |               | in gdImageCreateFromXbm()             |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2019-11038 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libjpeg-turbo | CVE-2020-13790   | HIGH     | 2.0.4-r0          | 2.0.4-r1      | libjpeg-turbo: heap-based buffer      |
|               |                  |          |                   |               | over-read in get_rgb_row() in rdppm.c |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-13790 |
+---------------+------------------+          +-------------------+---------------+---------------------------------------+
| libssl1.1     | CVE-2020-1967    |          | 1.1.1d-r2         | 1.1.1g-r0     | openssl: Segmentation                 |
|               |                  |          |                   |               | fault in SSL_check_chain              |
|               |                  |          |                   |               | causes denial of service              |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-1967  |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-23840   |          |                   | 1.1.1j-r0     | openssl: integer                      |
|               |                  |          |                   |               | overflow in CipherUpdate              |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23840 |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-3450    |          |                   | 1.1.1k-r0     | openssl: CA certificate check         |
|               |                  |          |                   |               | bypass with X509_V_FLAG_X509_STRICT   |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3450  |
+               +------------------+----------+                   +---------------+---------------------------------------+
|               | CVE-2020-1971    | MEDIUM   |                   | 1.1.1i-r0     | openssl: EDIPARTYNAME                 |
|               |                  |          |                   |               | NULL pointer de-reference             |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-1971  |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-23841   |          |                   | 1.1.1j-r0     | openssl: NULL pointer dereference     |
|               |                  |          |                   |               | in X509_issuer_and_serial_hash()      |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23841 |
+               +------------------+          +                   +---------------+---------------------------------------+
|               | CVE-2021-3449    |          |                   | 1.1.1k-r0     | openssl: NULL pointer dereference     |
|               |                  |          |                   |               | in signature_algorithms processing    |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3449  |
+               +------------------+----------+                   +---------------+---------------------------------------+
|               | CVE-2021-23839   | LOW      |                   | 1.1.1j-r0     | openssl: incorrect SSLv2              |
|               |                  |          |                   |               | rollback protection                   |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23839 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libxml2       | CVE-2020-24977   | MEDIUM   | 2.9.9-r3          | 2.9.9-r4      | libxml2: Buffer overflow              |
|               |                  |          |                   |               | vulnerability in                      |
|               |                  |          |                   |               | xmlEncodeEntitiesInternal()           |
|               |                  |          |                   |               | in entities.c                         |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-24977 |
+---------------+------------------+          +-------------------+---------------+---------------------------------------+
| musl          | CVE-2020-28928   |          | 1.1.22-r3         | 1.1.22-r4     | In musl libc through 1.2.1,           |
|               |                  |          |                   |               | wcsnrtombs mishandles particular      |
|               |                  |          |                   |               | combinations of destination buffer... |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-28928 |
+---------------+                  +          +                   +               +                                       +
| musl-utils    |                  |          |                   |               |                                       |
|               |                  |          |                   |               |                                       |
|               |                  |          |                   |               |                                       |
|               |                  |          |                   |               |                                       |
+---------------+------------------+          +-------------------+---------------+---------------------------------------+
| nginx         | CVE-2019-20372   |          | 1.16.1-r1         | 1.16.1-r2     | nginx: HTTP request smuggling         |
|               |                  |          |                   |               | in configurations with URL            |
|               |                  |          |                   |               | redirect used as error_page...        |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2019-20372 |
+---------------+------------------+          +-------------------+---------------+---------------------------------------+
| pcre          | CVE-2020-14155   |          | 8.43-r0           | 8.43-r1       | pcre: integer overflow in libpcre     |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-14155 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| ssl_client    | CVE-2021-28831   | HIGH     | 1.30.1-r3         | 1.30.1-r5     | busybox: invalid free or segmentation |
|               |                  |          |                   |               | fault via malformed gzip data         |
|               |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-28831 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
```

Further reading:

1. [Official Trivy documentation](https://link.zhihu.com/?target=https%3A//aquasecurity.github.io/trivy/dev/)
2. [Trivy on GitHub](https://link.zhihu.com/?target=https%3A//github.com/aquasecurity/trivy)
3. [Installing Trivy](https://link.zhihu.com/?target=https%3A//blog.csdn.net/xixihahalelehehe/article/details/126019559)
4. [Using Trivy commands: vulnerability scanning](https://link.zhihu.com/?target=https%3A//blog.csdn.net/xixihahalelehehe/article/details/126034395)
5. [Custom scan policies in Trivy](https://link.zhihu.com/?target=https%3A//blog.csdn.net/xixihahalelehehe/article/details/126035306)

