gitimages.expertflow.com/cti/hc_smpp_connector:4.4 (oracle 8.7)
===============================================================
Total: 76 (UNKNOWN: 0, LOW: 8, MEDIUM: 48, HIGH: 20, CRITICAL: 0)

+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
|        LIBRARY         | VULNERABILITY ID | SEVERITY |  INSTALLED VERSION   |      FIXED VERSION       |                 TITLE                 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| binutils               | CVE-2022-4285    | MEDIUM   | 2.30-117.0.3.el8     | 2.30-119.0.2.el8_8.2     | binutils: NULL                        |
|                        |                  |          |                      |                          | pointer dereference in                |
|                        |                  |          |                      |                          | _bfd_elf_get_symbol_version_string    |
|                        |                  |          |                      |                          | leads to segfault                     |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-4285  |
+------------------------+------------------+          +----------------------+--------------------------+---------------------------------------+
| curl                   | CVE-2023-23916   |          | 7.61.1-25.el8_7.1    | 7.61.1-25.el8_7.3        | curl: HTTP multi-header               |
|                        |                  |          |                      |                          | compression denial of service         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-23916 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-27535   |          |                      | 7.61.1-30.el8_8.2        | curl: FTP too eager connection reuse  |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-27535 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-27536   |          |                      | 7.61.1-30.el8_8.3        | curl: GSS delegation too              |
|                        |                  |          |                      |                          | eager connection re-use               |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-27536 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-28321   |          |                      |                          | curl: IDN wildcard match may lead     |
|                        |                  |          |                      |                          | to Improper Certificate Validation    |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-28321 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-28322   |          |                      | 7.61.1-33.el8_9.5        | curl: more POST-after-PUT confusion   |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-28322 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-38546   |          |                      |                          | curl: cookie injection with none file |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-38546 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-46218   |          |                      |                          | curl: information disclosure          |
|                        |                  |          |                      |                          | by exploiting a mixed case flaw       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-46218 |
+                        +------------------+----------+                      +--------------------------+---------------------------------------+
|                        | CVE-2022-35252   | LOW      |                      | 7.61.1-30.el8            | curl: Incorrect handling of           |
|                        |                  |          |                      |                          | control code characters in cookies    |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-35252 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2022-43552   |          |                      |                          | curl: Use-after-free triggered        |
|                        |                  |          |                      |                          | by an HTTP proxy deny response        |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-43552 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| expat                  | CVE-2023-52425   | MEDIUM   | 2.2.5-10.0.1.el8_7.1 | 2.2.5-11.0.1.el8_9.1     | expat: parsing large tokens           |
|                        |                  |          |                      |                          | can trigger a denial of service       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-52425 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| glibc                  | CVE-2023-4527    | HIGH     | 2.28-211.0.1.el8     | 2.28-225.0.4.el8_8.6     | glibc: Stack read overflow in         |
|                        |                  |          |                      |                          | getaddrinfo in no-aaaa mode           |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4527  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4806    |          |                      |                          | glibc: potential                      |
|                        |                  |          |                      |                          | use-after-free in getaddrinfo()       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4806  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4813    |          |                      |                          | glibc: potential                      |
|                        |                  |          |                      |                          | use-after-free in gaih_inet()         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4813  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4911    |          |                      |                          | glibc: buffer overflow in ld.so       |
|                        |                  |          |                      |                          | leading to privilege escalation       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4911  |
+------------------------+------------------+          +                      +                          +---------------------------------------+
| glibc-common           | CVE-2023-4527    |          |                      |                          | glibc: Stack read overflow in         |
|                        |                  |          |                      |                          | getaddrinfo in no-aaaa mode           |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4527  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4806    |          |                      |                          | glibc: potential                      |
|                        |                  |          |                      |                          | use-after-free in getaddrinfo()       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4806  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4813    |          |                      |                          | glibc: potential                      |
|                        |                  |          |                      |                          | use-after-free in gaih_inet()         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4813  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4911    |          |                      |                          | glibc: buffer overflow in ld.so       |
|                        |                  |          |                      |                          | leading to privilege escalation       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4911  |
+------------------------+------------------+          +                      +                          +---------------------------------------+
| glibc-minimal-langpack | CVE-2023-4527    |          |                      |                          | glibc: Stack read overflow in         |
|                        |                  |          |                      |                          | getaddrinfo in no-aaaa mode           |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4527  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4806    |          |                      |                          | glibc: potential                      |
|                        |                  |          |                      |                          | use-after-free in getaddrinfo()       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4806  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4813    |          |                      |                          | glibc: potential                      |
|                        |                  |          |                      |                          | use-after-free in gaih_inet()         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4813  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-4911    |          |                      |                          | glibc: buffer overflow in ld.so       |
|                        |                  |          |                      |                          | leading to privilege escalation       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4911  |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| gnutls                 | CVE-2021-20231   | MEDIUM   | 3.6.16-5.el8_6       | 10:3.6.16-4.0.1.el8_fips | gnutls: Use after free in             |
|                        |                  |          |                      |                          | client key_share extension            |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-20231 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2021-20232   |          |                      |                          | gnutls: Use after free                |
|                        |                  |          |                      |                          | in client_send_params in              |
|                        |                  |          |                      |                          | lib/ext/pre_shared_key.c              |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-20232 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2021-3580    |          |                      |                          | nettle: Remote crash                  |
|                        |                  |          |                      |                          | in RSA decryption via                 |
|                        |                  |          |                      |                          | manipulated ciphertext                |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-3580  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-0361    |          |                      | 3.6.16-6.el8_7           | gnutls: timing side-channel in        |
|                        |                  |          |                      |                          | the TLS RSA key exchange code         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-0361  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-5981    |          |                      | 3.6.16-8.el8_9           | gnutls: timing side-channel           |
|                        |                  |          |                      |                          | in the RSA-PSK authentication         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-5981  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2024-0553    |          |                      | 10:3.6.16-8.el8_9.1_fips | gnutls: incomplete                    |
|                        |                  |          |                      |                          | fix for CVE-2023-5981                 |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2024-0553  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2024-28834   |          |                      | 3.6.16-8.el8_9.3         | gnutls: vulnerable to Minerva         |
|                        |                  |          |                      |                          | side-channel information leak         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2024-28834 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libarchive             | CVE-2022-36227   | LOW      | 3.3.3-4.el8          | 3.3.3-5.el8              | libarchive: NULL pointer              |
|                        |                  |          |                      |                          | dereference in archive_write.c        |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-36227 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libcap                 | CVE-2023-2602    | MEDIUM   | 2.48-4.el8           | 2.48-5.el8_8             | libcap: Memory Leak on                |
|                        |                  |          |                      |                          | pthread_create() Error                |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-2602  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-2603    |          |                      |                          | libcap: Integer Overflow              |
|                        |                  |          |                      |                          | in _libcap_strdup()                   |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-2603  |
+------------------------+------------------+          +----------------------+--------------------------+---------------------------------------+
| libcurl                | CVE-2023-23916   |          | 7.61.1-25.el8_7.1    | 7.61.1-25.el8_7.3        | curl: HTTP multi-header               |
|                        |                  |          |                      |                          | compression denial of service         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-23916 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-27535   |          |                      | 7.61.1-30.el8_8.2        | curl: FTP too eager connection reuse  |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-27535 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-27536   |          |                      | 7.61.1-30.el8_8.3        | curl: GSS delegation too              |
|                        |                  |          |                      |                          | eager connection re-use               |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-27536 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-28321   |          |                      |                          | curl: IDN wildcard match may lead     |
|                        |                  |          |                      |                          | to Improper Certificate Validation    |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-28321 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-28322   |          |                      | 7.61.1-33.el8_9.5        | curl: more POST-after-PUT confusion   |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-28322 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-38546   |          |                      |                          | curl: cookie injection with none file |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-38546 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-46218   |          |                      |                          | curl: information disclosure          |
|                        |                  |          |                      |                          | by exploiting a mixed case flaw       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-46218 |
+                        +------------------+----------+                      +--------------------------+---------------------------------------+
|                        | CVE-2022-35252   | LOW      |                      | 7.61.1-30.el8            | curl: Incorrect handling of           |
|                        |                  |          |                      |                          | control code characters in cookies    |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-35252 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2022-43552   |          |                      |                          | curl: Use-after-free triggered        |
|                        |                  |          |                      |                          | by an HTTP proxy deny response        |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-43552 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libgcc                 | CVE-2022-40982   | HIGH     | 8.5.0-16.0.2.el8_7   | 8.5.0-18.0.5.el8         | hw: Intel: Gather Data Sampling       |
|                        |                  |          |                      |                          | (GDS) side channel vulnerability      |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-40982 |
+                        +------------------+----------+                      +                          +---------------------------------------+
|                        | CVE-2023-4039    | LOW      |                      |                          | gcc: -fstack-protector                |
|                        |                  |          |                      |                          | fails to guard dynamic                |
|                        |                  |          |                      |                          | stack allocations on ARM64            |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4039  |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libgcrypt              | CVE-2021-40528   | HIGH     | 1.8.5-7.el8_6        | 10:1.8.5-7.el8_6_fips    | libgcrypt: ElGamal implementation     |
|                        |                  |          |                      |                          | allows plaintext recovery             |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-40528 |
+                        +------------------+----------+                      +--------------------------+---------------------------------------+
|                        | CVE-2021-33560   | MEDIUM   |                      | 10:1.8.5-6.el8_fips      | libgcrypt: mishandles ElGamal         |
|                        |                  |          |                      |                          | encryption because it lacks           |
|                        |                  |          |                      |                          | exponent blinding to address a...     |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-33560 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libnghttp2             | CVE-2023-44487   | HIGH     | 1.33.0-3.el8_2.1     | 1.33.0-5.el8_8           | HTTP/2: Multiple HTTP/2               |
|                        |                  |          |                      |                          | enabled web servers are               |
|                        |                  |          |                      |                          | vulnerable to a DDoS attack...        |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-44487 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libssh                 | CVE-2023-1667    | MEDIUM   | 0.9.6-3.el8          | 0.9.6-10.el8_8           | libssh: NULL pointer                  |
|                        |                  |          |                      |                          | dereference during rekeying           |
|                        |                  |          |                      |                          | with algorithm guessing               |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-1667  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-2283    |          |                      |                          | libssh: authorization bypass          |
|                        |                  |          |                      |                          | in pki_verify_data_signature          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-2283  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-48795   |          |                      | 0.9.6-13.el8_9           | ssh: Prefix truncation attack         |
|                        |                  |          |                      |                          | on Binary Packet Protocol (BPP)       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-48795 |
+------------------------+------------------+          +                      +--------------------------+---------------------------------------+
| libssh-config          | CVE-2023-1667    |          |                      | 0.9.6-10.el8_8           | libssh: NULL pointer                  |
|                        |                  |          |                      |                          | dereference during rekeying           |
|                        |                  |          |                      |                          | with algorithm guessing               |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-1667  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-2283    |          |                      |                          | libssh: authorization bypass          |
|                        |                  |          |                      |                          | in pki_verify_data_signature          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-2283  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-48795   |          |                      | 0.9.6-13.el8_9           | ssh: Prefix truncation attack         |
|                        |                  |          |                      |                          | on Binary Packet Protocol (BPP)       |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-48795 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libstdc++              | CVE-2022-40982   | HIGH     | 8.5.0-16.0.2.el8_7   | 8.5.0-18.0.5.el8         | hw: Intel: Gather Data Sampling       |
|                        |                  |          |                      |                          | (GDS) side channel vulnerability      |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-40982 |
+                        +------------------+----------+                      +                          +---------------------------------------+
|                        | CVE-2023-4039    | LOW      |                      |                          | gcc: -fstack-protector                |
|                        |                  |          |                      |                          | fails to guard dynamic                |
|                        |                  |          |                      |                          | stack allocations on ARM64            |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4039  |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| libxml2                | CVE-2023-28484   | MEDIUM   | 2.9.7-15.el8_7.1     | 2.9.7-16.el8_8.1         | libxml2: NULL dereference             |
|                        |                  |          |                      |                          | in xmlSchemaFixupComplexType          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-28484 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-29469   |          |                      |                          | libxml2: Hashing of empty dict        |
|                        |                  |          |                      |                          | strings isn't deterministic           |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-29469 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-39615   |          |                      | 2.9.7-18.el8_9           | libxml2: crafted xml can              |
|                        |                  |          |                      |                          | cause global buffer overflow          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-39615 |
+------------------------+------------------+          +----------------------+--------------------------+---------------------------------------+
| ncurses-base           | CVE-2023-29491   |          | 6.1-9.20180224.el8   | 6.1-9.20180224.el8_8.1   | ncurses: Local users can              |
|                        |                  |          |                      |                          | trigger security-relevant memory      |
|                        |                  |          |                      |                          | corruption via malformed data         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-29491 |
+------------------------+                  +          +                      +                          +                                       +
| ncurses-libs           |                  |          |                      |                          |                                       |
|                        |                  |          |                      |                          |                                       |
|                        |                  |          |                      |                          |                                       |
|                        |                  |          |                      |                          |                                       |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| openssl-libs           | CVE-2022-4304    | HIGH     | 1:1.1.1k-7.el8_6     | 1:1.1.1k-9.el8_7         | openssl: timing attack in             |
|                        |                  |          |                      |                          | RSA Decryption implementation         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-4304  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2022-4450    |          |                      |                          | openssl: double free after            |
|                        |                  |          |                      |                          | calling PEM_read_bio_ex               |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-4450  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-0215    |          |                      |                          | openssl: use-after-free               |
|                        |                  |          |                      |                          | following BIO_new_NDEF                |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-0215  |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2023-0286    |          |                      |                          | openssl: X.400 address type           |
|                        |                  |          |                      |                          | confusion in X.509 GeneralName        |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-0286  |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| rpm                    | CVE-2021-35937   | MEDIUM   | 4.14.3-24.el8_7      | 4.14.3-28.0.2.el8_9      | rpm: TOCTOU race in                   |
|                        |                  |          |                      |                          | checks for unsafe symlinks            |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-35937 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2021-35938   |          |                      |                          | rpm: races with                       |
|                        |                  |          |                      |                          | chown/chmod/capabilities              |
|                        |                  |          |                      |                          | calls during installation             |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-35938 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2021-35939   |          |                      |                          | rpm: checks for unsafe                |
|                        |                  |          |                      |                          | symlinks are not performed            |
|                        |                  |          |                      |                          | for intermediary directories          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-35939 |
+------------------------+------------------+          +                      +                          +---------------------------------------+
| rpm-libs               | CVE-2021-35937   |          |                      |                          | rpm: TOCTOU race in                   |
|                        |                  |          |                      |                          | checks for unsafe symlinks            |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-35937 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2021-35938   |          |                      |                          | rpm: races with                       |
|                        |                  |          |                      |                          | chown/chmod/capabilities              |
|                        |                  |          |                      |                          | calls during installation             |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-35938 |
+                        +------------------+          +                      +                          +---------------------------------------+
|                        | CVE-2021-35939   |          |                      |                          | rpm: checks for unsafe                |
|                        |                  |          |                      |                          | symlinks are not performed            |
|                        |                  |          |                      |                          | for intermediary directories          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2021-35939 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| shadow-utils           | CVE-2023-4641    | LOW      | 2:4.6-17.el8         | 2:4.6-19.el8             | shadow-utils: possible password       |
|                        |                  |          |                      |                          | leak during passwd(1) change          |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-4641  |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+
| sqlite-libs            | CVE-2020-24736   | MEDIUM   | 3.26.0-17.el8_7      | 3.26.0-18.0.1.el8_8      | sqlite: Crash due to                  |
|                        |                  |          |                      |                          | misuse of window functions.           |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2020-24736 |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-7104    |          |                      | 3.26.0-19.0.1.el8_9      | sqlite: heap-buffer-overflow          |
|                        |                  |          |                      |                          | at sessionfuzz                        |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-7104  |
+------------------------+------------------+          +----------------------+--------------------------+---------------------------------------+
| systemd-libs           | CVE-2022-4415    |          | 239-68.0.2.el8_7.2   | 239-68.0.2.el8_7.4       | systemd: local information leak due   |
|                        |                  |          |                      |                          | to systemd-coredump not respecting    |
|                        |                  |          |                      |                          | fs.suid_dumpable kernel setting...    |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-4415  |
+                        +------------------+          +                      +--------------------------+---------------------------------------+
|                        | CVE-2023-26604   |          |                      | 239-74.0.4.el8_8.2       | systemd: privilege                    |
|                        |                  |          |                      |                          | escalation via the less pager         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2023-26604 |
+------------------------+------------------+          +----------------------+--------------------------+---------------------------------------+
| tar                    | CVE-2022-48303   |          | 2:1.30-6.el8         | 2:1.30-6.el8_7.1         | tar: heap buffer overflow at          |
|                        |                  |          |                      |                          | from_header() in list.c via           |
|                        |                  |          |                      |                          | specially crafted checksum...         |
|                        |                  |          |                      |                          | -->avd.aquasec.com/nvd/cve-2022-48303 |
+------------------------+------------------+----------+----------------------+--------------------------+---------------------------------------+

Java (jar)
==========
Total: 52 (UNKNOWN: 0, LOW: 0, MEDIUM: 19, HIGH: 25, CRITICAL: 8)

+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
|                      LIBRARY                       | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |         FIXED VERSION          |                             TITLE                              |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| ch.qos.logback:logback-classic                     | CVE-2023-6378    | HIGH     | 1.2.3             | 1.3.12, 1.4.12, 1.2.13         | logback: serialization                                         |
|                                                    |                  |          |                   |                                | vulnerability in logback receiver                              |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-6378                           |
+----------------------------------------------------+                  +          +                   +                                +                                                                +
| ch.qos.logback:logback-core                        |                  |          |                   |                                |                                                                |
|                                                    |                  |          |                   |                                |                                                                |
|                                                    |                  |          |                   |                                |                                                                |
+                                                    +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-42550   | MEDIUM   |                   | 1.2.9                          | logback: remote code execution                                 |
|                                                    |                  |          |                   |                                | through JNDI call from within                                  |
|                                                    |                  |          |                   |                                | its configuration file...                                      |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-42550                          |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| com.fasterxml.jackson.core:jackson-databind        | CVE-2020-36518   | HIGH     | 2.11.2            | 2.13.2.1, 2.12.6.1             | jackson-databind: denial of service                            |
|                                                    |                  |          |                   |                                | via a large depth of nested objects                            |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36518                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-46877   |          |                   | 2.12.6, 2.13.1                 | jackson-databind: Possible                                     |
|                                                    |                  |          |                   |                                | DoS if using JDK serialization                                 |
|                                                    |                  |          |                   |                                | to serialize JsonNode                                          |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-46877                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-42003   |          |                   | 2.12.7.1, 2.13.4.2             | jackson-databind: deep                                         |
|                                                    |                  |          |                   |                                | wrapper array nesting wrt                                      |
|                                                    |                  |          |                   |                                | UNWRAP_SINGLE_VALUE_ARRAYS                                     |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-42003                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-42004   |          |                   | 2.12.7.1, 2.13.4               | jackson-databind: use                                          |
|                                                    |                  |          |                   |                                | of deeply nested arrays                                        |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-42004                          |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| com.squareup.okio:okio                             | CVE-2023-3635    | MEDIUM   | 1.11.0            | 3.4.0, 1.17.6                  | okio: GzipSource class                                         |
|                                                    |                  |          |                   |                                | improper exception handling                                    |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-3635                           |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| log4j:log4j                                        | CVE-2019-17571   | CRITICAL | 1.2.17            |                                | log4j: deserialization of                                      |
|                                                    |                  |          |                   |                                | untrusted data in SocketServer                                 |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2019-17571                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-23305   |          |                   |                                | log4j: SQL injection in                                        |
|                                                    |                  |          |                   |                                | Log4j 1.x when application                                     |
|                                                    |                  |          |                   |                                | is configured to use...                                        |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-23305                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-23307   |          |                   |                                | log4j: Unsafe deserialization                                  |
|                                                    |                  |          |                   |                                | flaw in Chainsaw log viewer                                    |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-23307                          |
+                                                    +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-4104    | HIGH     |                   |                                | log4j: Remote code execution                                   |
|                                                    |                  |          |                   |                                | in Log4j 1.x when application                                  |
|                                                    |                  |          |                   |                                | is configured to...                                            |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-4104                           |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-23302   |          |                   |                                | log4j: Remote code execution                                   |
|                                                    |                  |          |                   |                                | in Log4j 1.x when application                                  |
|                                                    |                  |          |                   |                                | is configured to...                                            |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-23302                          |
+----------------------------------------------------+------------------+          +-------------------+--------------------------------+----------------------------------------------------------------+
| org.apache.tomcat.embed:tomcat-embed-core          | CVE-2021-25122   |          | 9.0.37            | 10.0.2, 9.0.43, 8.5.63         | tomcat: Request mix-up with h2c                                |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-25122                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-25329   |          |                   | 10.0.2, 9.0.41, 8.5.61,        | tomcat: Incomplete fix                                         |
|                                                    |                  |          |                   | 7.0.108                        | for CVE-2020-9484 (RCE                                         |
|                                                    |                  |          |                   |                                | via session persistence)                                       |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-25329                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-42252   |          |                   | 8.5.83, 9.0.68, 10.0.27,       | tomcat: request smuggling                                      |
|                                                    |                  |          |                   | 10.1.1                         | -->avd.aquasec.com/nvd/cve-2022-42252                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2023-24998   |          |                   | 10.1.5, 11.0.0-M5, 8.5.88,     | Apache Commons FileUpload:                                     |
|                                                    |                  |          |                   | 9.0.71                         | FileUpload DoS with excessive parts                            |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-24998                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2023-46589   |          |                   | 11.0.0-M11, 10.1.16, 9.0.83,   | tomcat: HTTP request smuggling                                 |
|                                                    |                  |          |                   | 8.5.96                         | via malformed trailer headers                                  |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-46589                          |
+                                                    +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-24122   | MEDIUM   |                   | 10.0.0-M10, 9.0.40, 8.5.60,    | tomcat: Information disclosure                                 |
|                                                    |                  |          |                   | 7.0.107                        | when using NTFS file system                                    |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-24122                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2023-41080   |          |                   | 8.5.93, 9.0.80, 10.1.13,       | tomcat: Open Redirect vulnerability                            |
|                                                    |                  |          |                   | 11.0.0-M11                     | in FORM authentication                                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-41080                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2023-42795   |          |                   | 11.0.0-M12, 10.1.14, 9.0.81,   | tomcat: improper cleaning                                      |
|                                                    |                  |          |                   | 8.5.94                         | of recycled objects could                                      |
|                                                    |                  |          |                   |                                | lead to information leak                                       |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-42795                          |
+                                                    +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                    | CVE-2023-44487   |          |                   |                                | HTTP/2: Multiple HTTP/2                                        |
|                                                    |                  |          |                   |                                | enabled web servers are                                        |
|                                                    |                  |          |                   |                                | vulnerable to a DDoS attack...                                 |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-44487                          |
+                                                    +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                    | CVE-2023-45648   |          |                   |                                | tomcat: incorrectly parsed                                     |
|                                                    |                  |          |                   |                                | http trailer headers can                                       |
|                                                    |                  |          |                   |                                | cause request smuggling                                        |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-45648                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2024-24549   |          |                   | 8.5.99, 9.0.86, 10.1.19,       | Apache Tomcat: HTTP/2                                          |
|                                                    |                  |          |                   | 11.0.0-M17                     | header handling DoS                                            |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-24549                          |
+----------------------------------------------------+------------------+          +                   +--------------------------------+----------------------------------------------------------------+
| org.apache.tomcat.embed:tomcat-embed-websocket     | CVE-2024-23672   |          |                   | 11.0.0-M17, 10.1.19, 9.0.86,   | Apache Tomcat: WebSocket DoS                                   |
|                                                    |                  |          |                   | 8.5.99                         | with incomplete closing handshake                              |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-23672                          |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.json:json                                      | CVE-2022-45688   | HIGH     |          20190722 |                       20230227 | json stack overflow vulnerability                              |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-45688                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2023-5072    |          |                   |                       20231013 | JSON-java: parser                                              |
|                                                    |                  |          |                   |                                | confusion leads to OOM                                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-5072                           |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot               | CVE-2023-34055   | MEDIUM   | 2.3.3.RELEASE     | 2.7.18, 3.0.13, 3.1.6          | spring-boot:                                                   |
|                                                    |                  |          |                   |                                | org.springframework.boot:spring-boot-actuator                  |
|                                                    |                  |          |                   |                                | class vulnerable to denial of service                          |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-34055                          |
+----------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot-autoconfigure | CVE-2023-20883   | HIGH     |                   | 3.0.7, 2.7.12, 2.6.15, 2.5.15  | spring-boot: Spring Boot                                       |
|                                                    |                  |          |                   |                                | Welcome Page DoS Vulnerability                                 |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20883                          |
+----------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot-starter-web   | CVE-2022-22965   | CRITICAL |                   | 2.5.12, 2.6.6                  | spring-framework: RCE via                                      |
|                                                    |                  |          |                   |                                | Data Binding on JDK 9+                                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22965                          |
+----------------------------------------------------+------------------+          +-------------------+--------------------------------+----------------------------------------------------------------+
| org.springframework.data:spring-data-mongodb       | CVE-2022-22980   |          | 3.0.3.RELEASE     | 3.4.1, 3.3.5                   | Spring Data MongoDB: SpEL in                                   |
|                                                    |                  |          |                   |                                | query methods allow code injection                             |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22980                          |
+----------------------------------------------------+------------------+          +-------------------+--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-beans                   | CVE-2022-22965   |          | 5.2.8.RELEASE     | 5.2.20.RELEASE, 5.3.18         | spring-framework: RCE via                                      |
|                                                    |                  |          |                   |                                | Data Binding on JDK 9+                                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22965                          |
+                                                    +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-22970   | HIGH     |                   | 5.2.22.RELEASE, 5.3.20         | springframework: DoS via data binding                          |
|                                                    |                  |          |                   |                                | to multipartFile or servlet part                               |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22970                          |
+----------------------------------------------------+------------------+          +                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-context                 | CVE-2022-22968   |          |                   | 5.3.19, 5.2.21                 | Spring Framework: Data                                         |
|                                                    |                  |          |                   |                                | Binding Rules Vulnerability                                    |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22968                          |
+----------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-core                    | CVE-2021-22060   | MEDIUM   |                   | 5.3.14, 5.2.19                 | springframework: Additional Log                                |
|                                                    |                  |          |                   |                                | Injection in Spring Framework                                  |
|                                                    |                  |          |                   |                                | (follow-up to CVE-2021-22096)                                  |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22060                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-22096   |          |                   | 5.3.11, 5.2.18                 | springframework: malicious                                     |
|                                                    |                  |          |                   |                                | input leads to insertion                                       |
|                                                    |                  |          |                   |                                | of additional log entries                                      |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22096                          |
+----------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-expression              | CVE-2023-20863   | HIGH     |                   | 6.0.8, 5.3.27, 5.2.24.RELEASE  | springframework: Spring                                        |
|                                                    |                  |          |                   |                                | Expression DoS Vulnerability                                   |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20863                          |
+                                                    +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-22950   | MEDIUM   |                   | 5.3.17, 5.2.20.RELEASE         | spring-expression: Denial of service                           |
|                                                    |                  |          |                   |                                | via specially crafted SpEL expression                          |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22950                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2023-20861   |          |                   | 6.0.7, 5.3.26, 5.2.23.RELEASE  | springframework: Spring                                        |
|                                                    |                  |          |                   |                                | Expression DoS Vulnerability                                   |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20861                          |
+----------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-web                     | CVE-2016-1000027 | CRITICAL |                   | 6.0.0                          | spring: HttpInvokerServiceExporter                             |
|                                                    |                  |          |                   |                                | readRemoteInvocation method                                    |
|                                                    |                  |          |                   |                                | untrusted java deserialization                                 |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2016-1000027                        |
+                                                    +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2021-22118   | HIGH     |                   | 5.2.15, 5.3.7                  | spring-web: (re)creating the                                   |
|                                                    |                  |          |                   |                                | temporary storage directory                                    |
|                                                    |                  |          |                   |                                | could result in a privilege...                                 |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22118                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2024-22243   |          |                   | 6.1.4, 6.0.17, 5.3.32          | springframework: URL                                           |
|                                                    |                  |          |                   |                                | Parsing with Host Validation                                   |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22243                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2024-22259   |          |                   | 6.1.5, 6.0.18, 5.3.33          | springframework: URL                                           |
|                                                    |                  |          |                   |                                | Parsing with Host Validation                                   |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22259                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2024-22262   |          |                   | 5.3.34, 6.0.19, 6.1.6          | springframework: URL                                           |
|                                                    |                  |          |                   |                                | Parsing with Host Validation                                   |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22262                          |
+----------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-webmvc                  | CVE-2022-22965   | CRITICAL |                   | 5.2.20.RELEASE, 5.3.18         | spring-framework: RCE via                                      |
|                                                    |                  |          |                   |                                | Data Binding on JDK 9+                                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22965                          |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.yaml:snakeyaml                                 | CVE-2022-1471    | HIGH     |              1.26 |                            2.0 | SnakeYaml: Constructor                                         |
|                                                    |                  |          |                   |                                | Deserialization                                                |
|                                                    |                  |          |                   |                                | Remote Code Execution                                          |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-1471                           |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-25857   |          |                   |                           1.31 | snakeyaml: Denial of Service                                   |
|                                                    |                  |          |                   |                                | due to missing nested depth                                    |
|                                                    |                  |          |                   |                                | limitation for collections...                                  |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-25857                          |
+                                                    +------------------+----------+                   +                                +----------------------------------------------------------------+
|                                                    | CVE-2022-38749   | MEDIUM   |                   |                                | snakeyaml: Uncaught exception in                               |
|                                                    |                  |          |                   |                                | org.yaml.snakeyaml.composer.Composer.composeSequenceNode       |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38749                          |
+                                                    +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                    | CVE-2022-38750   |          |                   |                                | snakeyaml: Uncaught exception in                               |
|                                                    |                  |          |                   |                                | org.yaml.snakeyaml.constructor.BaseConstructor.constructObject |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38750                          |
+                                                    +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                    | CVE-2022-38751   |          |                   |                                | snakeyaml: Uncaught exception in                               |
|                                                    |                  |          |                   |                                | java.base/java.util.regex.Pattern$Ques.match                   |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38751                          |
+                                                    +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                    | CVE-2022-38752   |          |                   |                           1.32 | snakeyaml: Uncaught exception in                               |
|                                                    |                  |          |                   |                                | java.base/java.util.ArrayList.hashCode                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38752                          |
+                                                    +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                    | CVE-2022-41854   |          |                   |                                | dev-java/snakeyaml:                                            |
|                                                    |                  |          |                   |                                | DoS via stack overflow                                         |
|                                                    |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-41854                          |
+----------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+