argo-cd/docs/snyk/master/quay.io_argoproj_argocd:latest.html
Michael Crenshaw e3940cd2bf
chore: add Snyk scans to docs (#9856)
* chore: generate Snyk reports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

dashboard

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

cron job

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

more consistent formatting

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

clarification

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif files

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

fix naming, fix doc get text

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

blarn

Signed-off-by: CI <michael@crenshaw.dev>

ignore errors due to vulns

Signed-off-by: CI <michael@crenshaw.dev>

specify target branch in script

Signed-off-by: CI <michael@crenshaw.dev>

don't checkout before running script

Signed-off-by: CI <michael@crenshaw.dev>

make sure dest dir exists

Signed-off-by: CI <michael@crenshaw.dev>

fix workflow

Signed-off-by: CI <michael@crenshaw.dev>

* update scans

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* use latest ignore rules

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports, add link to latest, push to master instead of stable

Signed-off-by: CI <michael@crenshaw.dev>

* fix for double-digit patch versions

Signed-off-by: CI <michael@crenshaw.dev>

* clean up testing changes

Signed-off-by: CI <michael@crenshaw.dev>
2022-07-27 21:15:00 +00:00


<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="20 known vulnerabilities found in 66 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 2:59:41 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">quay.io/argoproj/argocd:latest/argoproj/argocd (deb)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>20</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>66 vulnerable dependency paths</span></div>
<div class="meta-count"><span>162</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|quay.io/argoproj/argocd</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">quay.io/argoproj/argocd:latest/argoproj/argocd</td></tr>
<tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">deb</td></tr>
<tr class="meta-row"><th class="meta-row-label">Manifest</th> <td class="meta-row-value">Dockerfile</td></tr>
</tbody>
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Out-of-bounds Read</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
sqlite3/libsqlite3-0
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
sqlite3/libsqlite3-0@3.37.2-2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
<p>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>sqlite3</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9794">ADVISORY</a></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-9794">Debian Security Tracker</a></li>
<li><a href="https://support.apple.com/HT211168">MISC</a></li>
<li><a href="https://support.apple.com/HT211170">MISC</a></li>
<li><a href="https://support.apple.com/HT211171">MISC</a></li>
<li><a href="https://support.apple.com/HT211175">MISC</a></li>
<li><a href="https://support.apple.com/HT211178">MISC</a></li>
<li><a href="https://support.apple.com/HT211179">MISC</a></li>
<li><a href="https://support.apple.com/HT211181">MISC</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SQLITE3-2784637">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Verification of Cryptographic Signature</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
perl/perl-modules-5.34
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.4 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
perl@5.34.0-3ubuntu1
<span class="list-paths__item__arrow"></span>
perl/perl-modules-5.34@5.34.0-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
perl@5.34.0-3ubuntu1
<span class="list-paths__item__arrow"></span>
perl/libperl5.34@5.34.0-3ubuntu1
<span class="list-paths__item__arrow"></span>
perl/perl-modules-5.34@5.34.0-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
perl@5.34.0-3ubuntu1
<span class="list-paths__item__arrow"></span>
perl/libperl5.34@5.34.0-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
perl@5.34.0-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
meta-common-packages@meta
<span class="list-paths__item__arrow"></span>
perl/perl-base@5.34.0-3ubuntu1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>perl</code> package.</em></p>
<p>CPAN 2.28 allows Signature Verification Bypass.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>perl</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156">ADVISORY</a></li>
<li><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">MISC</a></li>
<li><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">MISC</a></li>
<li><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">MISC</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PERL-2789081">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">CVE-2021-46828</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
libtirpc/libtirpc-common
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and libtirpc/libtirpc-common@1.3.2-2build1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc-common@1.3.2-2build1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libnsl/libnsl2@1.3.0-2build2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc-common@1.3.2-2build1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libnsl/libnsl2@1.3.0-2build2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>libtirpc</code> package.</em></p>
<p>In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>libtirpc</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-46828">ADVISORY</a></li>
<li><a href="http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed">MISC</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-LIBTIRPC-2956571">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">NULL Pointer Dereference</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
tar
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
meta-common-packages@meta
<span class="list-paths__item__arrow"></span>
tar@1.34+dfsg-1build3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>tar</code> package.</em></p>
<p>pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>tar</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-9923">Debian Security Tracker</a></li>
<li><a href="http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120">MISC</a></li>
<li><a href="http://savannah.gnu.org/bugs/?55369">MISC</a></li>
<li><a href="https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241">MISC</a></li>
<li><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">MLIST</a></li>
<li><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">MLIST</a></li>
<li><a href="http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html">OpenSuse Security Announcement</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9923">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-TAR-2791257">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2020-9991</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
sqlite3/libsqlite3-0
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
sqlite3/libsqlite3-0@3.37.2-2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
<p>This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>sqlite3</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9991">ADVISORY</a></li>
<li><a href="https://support.apple.com/kb/HT211846">CONFIRM</a></li>
<li><a href="http://seclists.org/fulldisclosure/2020/Dec/32">FULLDISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211843">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211844">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211847">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211850">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211931">MISC</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SQLITE3-2778145">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Information Exposure</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
sqlite3/libsqlite3-0
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
sqlite3/libsqlite3-0@3.37.2-2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
<p>An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>sqlite3</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9849">ADVISORY</a></li>
<li><a href="http://seclists.org/fulldisclosure/2020/Dec/32">FULLDISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211843">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211844">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211850">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211931">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211935">MISC</a></li>
<li><a href="https://support.apple.com/en-us/HT211952">MISC</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SQLITE3-2785627">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Time-of-check Time-of-use (TOCTOU)</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
shadow/passwd
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and shadow/passwd@1:4.8.1-2ubuntu2
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:8.9p1-3
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
shadow/login@1:4.8.1-2ubuntu2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>shadow</code> package.</em></p>
<p>shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>shadow</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">Debian Security Tracker</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
<li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">RedHat Bugzilla Bug</a></li>
<li><a href="https://access.redhat.com/security/cve/cve-2013-4235">RedHat CVE Database</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SHADOW-2801886">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Uncontrolled Recursion</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
pcre3/libpcre3
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
grep@3.7-1build1
<span class="list-paths__item__arrow"></span>
pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre3</code> package.</em></p>
<p>In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>pcre3</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164">CVE Details</a></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11164">Debian Security Tracker</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
<li><a href="http://openwall.com/lists/oss-security/2017/07/11/3">OSS security Advisory</a></li>
<li><a href="http://www.securityfocus.com/bid/99575">Security Focus</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PCRE3-2799820">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Out-of-bounds Read</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
pcre2/libpcre2-8-0
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
meta-common-packages@meta
<span class="list-paths__item__arrow"></span>
pcre2/libpcre2-8-0@10.39-3build1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre2</code> package.</em></p>
<p>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>pcre2</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1587">ADVISORY</a></li>
<li><a href="https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0">MISC</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/">FEDORA</a></li>
<li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2077983">MISC</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PCRE2-2810786">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Out-of-bounds Read</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
pcre2/libpcre2-8-0
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
meta-common-packages@meta
<span class="list-paths__item__arrow"></span>
pcre2/libpcre2-8-0@10.39-3build1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre2</code> package.</em></p>
<p>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>pcre2</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1586">ADVISORY</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/">FEDORA</a></li>
<li><a href="https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a">MISC</a></li>
<li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2077976">MISC</a></li>
<li><a href="https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c">MISC</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/">FEDORA</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PCRE2-2810797">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Release of Invalid Pointer or Reference</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
patch
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build2
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
patch@2.7.6-7build2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>patch</code> package.</em></p>
<p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>patch</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">ADVISORY</a></li>
<li><a href="https://savannah.gnu.org/bugs/?61685">MISC</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PATCH-2780071">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Double Free</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
patch
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build2
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
patch@2.7.6-7build2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>patch</code> package.</em></p>
<p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>patch</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">CVE Details</a></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">Debian Security Tracker</a></li>
<li><a href="https://security.gentoo.org/glsa/201904-17">Gentoo Security Advisory</a></li>
<li><a href="https://savannah.gnu.org/bugs/index.php?53133">MISC</a></li>
<li><a href="https://access.redhat.com/errata/RHSA-2019:2033">REDHAT</a></li>
<li><a href="http://www.securityfocus.com/bid/103047">Security Focus</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PATCH-2784568">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2021-41617</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:8.9p1-3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssh</code> package.</em></p>
<p>sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-41617">ADVISORY</a></li>
<li><a href="https://bugzilla.suse.com/show_bug.cgi?id=1190975">CONFIRM</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20211014-0004/">CONFIRM</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/">FEDORA</a></li>
<li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/">FEDORA</a></li>
<li><a href="https://www.openssh.com/security.html">MISC</a></li>
<li><a href="https://www.openssh.com/txt/release-8.8">MISC</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2021/09/26/1">MISC</a></li>
<li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
<li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSH-2775193">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Information Exposure</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
openssh/openssh-client
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:8.9p1-3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssh</code> package.</em></p>
<p>The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssh</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-14145">ADVISORY</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20200709-0004/">CONFIRM</a></li>
<li><a href="https://security.gentoo.org/glsa/202105-35">GENTOO</a></li>
<li><a href="https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d">MISC</a></li>
<li><a href="https://docs.ssh-mitm.at/CVE-2020-14145.html">MISC</a></li>
<li><a href="https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1">MISC</a></li>
<li><a href="https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py">MISC</a></li>
<li><a href="https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/">MISC</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2020/12/02/1">MLIST</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSH-2792745">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Out-of-bounds Read</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
ncurses/libtinfo6
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
bash@5.1-6ubuntu1
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/libncursesw6@6.3-2
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
less@590-1build1
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
libedit/libedit2@3.1-20210910-1build1
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/libncurses6@6.3-2
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/ncurses-bin@6.3-2
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
procps@2:3.3.17-6ubuntu2
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
util-linux@2.37.2-4ubuntu3
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpgconf@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
readline/libreadline8@8.1.2-1
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gnupg@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
pinentry/pinentry-curses@1.1.1-1build2
<span class="list-paths__item__arrow"></span>
ncurses/libtinfo6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/libncursesw6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
procps@2:3.3.17-6ubuntu2
<span class="list-paths__item__arrow"></span>
ncurses/libncursesw6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gnupg@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.2.27-3ubuntu2.1
<span class="list-paths__item__arrow"></span>
pinentry/pinentry-curses@1.1.1-1build2
<span class="list-paths__item__arrow"></span>
ncurses/libncursesw6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/libncurses6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
procps@2:3.3.17-6ubuntu2
<span class="list-paths__item__arrow"></span>
ncurses/libncurses6@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/ncurses-base@6.3-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
ncurses/ncurses-bin@6.3-2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>ncurses</code> package.</em></p>
<p>ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>ncurses</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-29458">ADVISORY</a></li>
<li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">MISC</a></li>
<li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">MISC</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-NCURSES-2801048">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Integer Overflow or Wraparound</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
krb5/libk5crypto3
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
krb5/libk5crypto3@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libnsl/libnsl2@1.3.0-2build2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
<span class="list-paths__item__arrow"></span>
krb5/libk5crypto3@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libnsl/libnsl2@1.3.0-2build2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
<span class="list-paths__item__arrow"></span>
krb5/libkrb5-3@1.19.2-2
<span class="list-paths__item__arrow"></span>
krb5/libk5crypto3@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
krb5/libkrb5-3@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libnsl/libnsl2@1.3.0-2build2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
<span class="list-paths__item__arrow"></span>
krb5/libkrb5-3@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:8.9p1-3
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
curl/libcurl3-gnutls@7.81.0-1ubuntu1.3
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
curl/libcurl3-gnutls@7.81.0-1ubuntu1.3
<span class="list-paths__item__arrow"></span>
libssh/libssh-4@0.9.6-2build1
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
adduser@3.118ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.8.1-2ubuntu2
<span class="list-paths__item__arrow"></span>
pam/libpam-modules@1.4.0-11ubuntu2
<span class="list-paths__item__arrow"></span>
libnsl/libnsl2@1.3.0-2build2
<span class="list-paths__item__arrow"></span>
libtirpc/libtirpc3@1.3.2-2build1
<span class="list-paths__item__arrow"></span>
krb5/libgssapi-krb5-2@1.19.2-2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
meta-common-packages@meta
<span class="list-paths__item__arrow"></span>
krb5/libkrb5support0@1.19.2-2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>krb5</code> package.</em></p>
<p>An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable &#34;dbentry-&gt;n_key_data&#34; in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a &#34;u4&#34; variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>krb5</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">CVE Details</a></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5709">Debian Security Tracker</a></li>
<li><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">GitHub Additional Information</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-KRB5-2797765">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Integer Overflow or Wraparound</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
gmp/libgmp10
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and gmp/libgmp10@2:6.2.1+dfsg-3ubuntu1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gmp/libgmp10@2:6.2.1+dfsg-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
coreutils@8.32-4.1ubuntu1
<span class="list-paths__item__arrow"></span>
gmp/libgmp10@2:6.2.1+dfsg-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
apt@2.4.5
<span class="list-paths__item__arrow"></span>
gnutls28/libgnutls30@3.7.3-4ubuntu1
<span class="list-paths__item__arrow"></span>
gmp/libgmp10@2:6.2.1+dfsg-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
apt@2.4.5
<span class="list-paths__item__arrow"></span>
gnutls28/libgnutls30@3.7.3-4ubuntu1
<span class="list-paths__item__arrow"></span>
nettle/libhogweed6@3.7.3-1build2
<span class="list-paths__item__arrow"></span>
gmp/libgmp10@2:6.2.1+dfsg-3ubuntu1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
curl/libcurl3-gnutls@7.81.0-1ubuntu1.3
<span class="list-paths__item__arrow"></span>
rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4
<span class="list-paths__item__arrow"></span>
gmp/libgmp10@2:6.2.1+dfsg-3ubuntu1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>gmp</code> package.</em></p>
<p>GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>gmp</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-43618">ADVISORY</a></li>
<li><a href="https://bugs.debian.org/994405">MISC</a></li>
<li><a href="https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html">MISC</a></li>
<li><a href="https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e">MISC</a></li>
<li><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html">MLIST</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-GMP-2775169">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
glibc/libc-bin
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
glibc/libc-bin@2.35-0ubuntu3
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
meta-common-packages@meta
<span class="list-paths__item__arrow"></span>
glibc/libc6@2.35-0ubuntu3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>glibc</code> package.</em></p>
<p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>glibc</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">ADVISORY</a></li>
<li><a href="https://twitter.com/solardiz/status/795601240151457793">MISC</a></li>
<li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">MISC</a></li>
<li><a href="https://akkadia.org/drepper/SHA-crypt.txt">MISC</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-GLIBC-2801292">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Improper Input Validation</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
git/git-man
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.4 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
<span class="list-paths__item__arrow"></span>
git/git-man@1:2.34.1-1ubuntu1.4
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git-lfs@3.0.2-1
<span class="list-paths__item__arrow"></span>
git@1:2.34.1-1ubuntu1.4
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>git</code> package.</em></p>
<p>GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>git</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1000021">Debian Security Tracker</a></li>
<li><a href="http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html">http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-GIT-2798113">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Improper Input Validation</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: ubuntu:22.04
</li>
<li class="card__meta__item">
Vulnerable module:
coreutils
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
coreutils@8.32-4.1ubuntu1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>coreutils</code> package.</em></p>
<p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:22.04</code> <code>coreutils</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">Debian Security Tracker</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">OSS security Advisory</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">OSS security Advisory</a></li>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">Ubuntu CVE Tracker</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-COREUTILS-2801226">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>