Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP5 package trivy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2024-6257 — CVSS 8.4 (high): HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially…
CVE-2023-42363 — CVSS 5.5 (medium): A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVE-2024-35192 — CVSS 5.5 (medium): Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted…