crushten / docker-molecule
Container that has Molecule and Ansible installed.
License: MIT License
Base: 3.5 Low CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
The fix is to update markdown-it-py to 2.2.0.
CVE-2022-3545
CVE-2022-3623
CVE-2022-45934
CVE-2022-4696
CVE-2023-0179
CVE-2022-36280
CVE-2022-41218
CVE-2022-47929
CVE-2023-23454
CVE-2023-23455
Base: 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 is the highest so going with that.
Kernel is bad; the fix is to update to 5.10.162-1.
CVE-2023-0286
CVE-2022-2097
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215
Base: 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Most don't have a score yet so will just leave High since that is the highest rank on these.
The fix for OpenSSL is to update to 1.1.1n-0+deb11u4.
The fix for python-pkg is to update to 39.0.1.
CVE-2022-23491 - The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
No score yet
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from TrustCor from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked Google group discussion. The fix is to bump package to 2022.12.07.
Base: 5.2 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Doesn't seem to have a score yet.
The fix is to update libgnutls30 to 3.7.1-5+deb11u3
CVE-2021-46848 - GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der
Base: 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. Fix is to update to 4.16.0-2+deb11u1.
Should swap all of the workflows to use the new centralized ones: https://github.com/crushten/github_workflow_repo
Shall see how this goes lol.
CVE-2022-40897 - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page.
Base: 7.5 HIGH Trivy lists this as high in the pipeline but there isn't a score yet.
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
CVE-2022-43680 - In src:expat, an XML parsing C library, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Base: 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD doesn't have it rated yet but Trivy gives it a 7.5.
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Fix is to update package to 2.2.10-2+deb11u5.
CVE-2022-42898 - krb5: integer overflow vulnerabilities in PAC parsing
Base: 6.4 Medium CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
See Samba. The fix is to update to 1.18.3-6+deb11u3 versions of libkrb5support0, libkrb5-3, libk5crypto3, and libgssapi-krb5-2.
Hmm, not sure about the reusable workflows. It's nice to have them but all the workflows just run independent of each other.
Maybe when the main repo gets set up can maybe handle it better. Not sure if a workflow can be dependent on another one.