chore(findings): grammatech/codesonar/codesonar-builder
Summary
grammatech/codesonar/codesonar-builder has 335 new findings discovered during continuous monitoring.
| id | source | severity | package |
|---|---|---|---|
| CVE-2021-3733 | Anchore CVE | Medium | python-3.9.0 |
| CVE-2021-3737 | Anchore CVE | High | python-3.9.0 |
| CVE-2022-26488 | Anchore CVE | High | python-3.9.0 |
| GHSA-57j2-w4cx-62h2 | Anchore CVE | High | jackson-databind-2.12.0 |
| GHSA-57j2-w4cx-62h2 | Anchore CVE | High | jackson-databind-2.12.0 |
| CVE-2015-20107 | Anchore CVE | High | python-3.9.0 |
| GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.8 |
| GHSA-qfr5-wjpw-q4c4 | Anchore CVE | Medium | python-ldap-3.3.1 |
| GHSA-qfr5-wjpw-q4c4 | Anchore CVE | Medium | python-ldap-3.3.1 |
| GHSA-r8wq-qrxc-hmcm | Twistlock CVE | Medium | python-ldap-3.3.1 |
| CVE-2021-46823 | Twistlock CVE | Medium | python-ldap-3.3.1 |
| CVE-2019-12900 | Anchore CVE | Critical | python-3.9.0 |
| CVE-2022-2309 | Twistlock CVE | High | lxml-4.6.3 |
| GHSA-wrxv-2j5q-m38w | Anchore CVE | High | lxml-4.6.3 |
| GHSA-wrxv-2j5q-m38w | Anchore CVE | High | lxml-4.6.3 |
| CVE-2013-0340 | Anchore CVE | Medium | python-3.9.0 |
| CVE-2022-22968 | Anchore CVE | Medium | spring-core-5.2.12.release |
| CVE-2022-22970 | Anchore CVE | Medium | spring-core-5.2.12.release |
| CVE-2021-22060 | Anchore CVE | Medium | spring-core-5.2.12.release |
| CVE-2021-22096 | Anchore CVE | Medium | spring-core-5.2.12.release |
| CVE-2021-22118 | Anchore CVE | High | spring-core-5.2.12.release |
| CVE-2022-22950 | Anchore CVE | Medium | spring-core-5.2.12.release |
| CVE-2022-22965 | Anchore CVE | Critical | spring-core-5.2.12.release |
| CVE-2022-22971 | Anchore CVE | Medium | spring-core-5.2.12.release |
| CVE-2016-1000027 | Anchore CVE | Critical | spring-core-5.2.12.release |
| CVE-2022-2345 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2129 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2126 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2175 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2343 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2125 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2344 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2124 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2522 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2175 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2183 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2182 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2207 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2206 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2210 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2345 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2344 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2343 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2021-3927 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2021-4166 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2522 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-0351 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2129 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2819 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-1720 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2018-20786 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2018-19211 | Twistlock CVE | Low | ncurses-6.1-9.20180224.el8 |
| CVE-2022-2286 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2285 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2284 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-1619 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2287 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2208 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2126 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2125 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2124 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2021-3974 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2018-25032 | Anchore CVE | High | python-3.9.0 |
| CVE-2016-3189 | Anchore CVE | Medium | python-3.9.0 |
| CVE-2022-2845 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2946 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2923 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2182 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2021-28861 | Anchore CVE | High | python-3.9.0 |
| CVE-2022-2819 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2849 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-3037 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2021-4189 | Anchore CVE | Medium | python-3.9.0 |
| CVE-2022-2980 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-3153 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-3153 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-3235 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-3234 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| GHSA-g3rq-g295-4j3m | Anchore CVE | Medium | Jinja2-2.11.2 |
| CVE-2022-2980 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2946 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2210 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-3037 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2183 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2849 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2845 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2923 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2207 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| GHSA-g3rq-g295-4j3m | Anchore CVE | Medium | Jinja2-2.11.2 |
| CVE-2022-3296 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2206 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2284 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-3352 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-2285 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2287 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-2286 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.12.0 |
| GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.12.0 |
| GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.12.0 |
| CVE-2022-2208 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.12.0 |
| CVE-2022-3256 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-3256 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-3296 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.5 |
| CVE-2022-3235 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-3234 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| GHSA-3f7h-mf4q-vrm4 | Anchore CVE | Low | woodstox-core-6.2.3 |
| CVE-2022-3705 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-3705 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-22965 | Twistlock CVE | Critical | spring-core_spring-core-5.2.12 |
| CVE-2022-42889 | Twistlock CVE | Critical | org.apache.commons_commons-text-1.5 |
| CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.12.0 |
| CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.12.0 |
| CVE-2020-36518 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.12.0 |
| CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.8 |
| CVE-2021-43767 | Twistlock CVE | Medium | postgres-12.3 |
| CVE-2022-40152 | Twistlock CVE | Low | com.fasterxml.woodstox_woodstox-core-6.2.3 |
| CVE-2022-42920 | Twistlock CVE | Critical | org.apache.bcel_bcel-6.5.0 |
| CVE-2021-45078 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2018-1000876 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2021-3114 | Twistlock CVE | Medium | cpp-8.5.0-15.el8 |
| CVE-2019-9077 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2019-9075 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2019-9074 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2018-20671 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2018-20623 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2021-3826 | Twistlock CVE | Low | cpp-8.5.0-15.el8 |
| CVE-2021-3826 | Twistlock CVE | Low | libgomp-8.5.0-15.el8 |
| CVE-2021-3826 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2021-3826 | Twistlock CVE | Low | libstdc++-devel-8.5.0-15.el8 |
| CVE-2020-35494 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2022-38533 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2022-27943 | Twistlock CVE | Low | libgomp-8.5.0-15.el8 |
| CVE-2022-27943 | Twistlock CVE | Low | cpp-8.5.0-15.el8 |
| CVE-2022-27943 | Twistlock CVE | Low | libstdc++-devel-8.5.0-15.el8 |
| CVE-2022-27943 | Twistlock CVE | Low | gcc-8.5.0-15.el8 |
| CVE-2022-27943 | Twistlock CVE | Low | gcc-c++-8.5.0-15.el8 |
| CVE-2020-35507 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2020-35496 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2020-35495 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2020-35493 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2019-12972 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-12934 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-20673 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-17985 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18701 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18700 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18484 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18483 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2021-46195 | Twistlock CVE | Low | cpp-8.5.0-15.el8 |
| CVE-2021-46195 | Twistlock CVE | Low | libstdc++-devel-8.5.0-15.el8 |
| CVE-2021-46195 | Twistlock CVE | Low | libgomp-8.5.0-15.el8 |
| CVE-2019-9071 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2019-14250 | Twistlock CVE | Low | libgomp-8.5.0-15.el8 |
| CVE-2019-14250 | Twistlock CVE | Low | cpp-8.5.0-15.el8 |
| CVE-2019-14250 | Twistlock CVE | Low | gcc-8.5.0-15.el8 |
| CVE-2019-14250 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2019-14250 | Twistlock CVE | Low | gcc-c++-8.5.0-15.el8 |
| CVE-2019-14250 | Twistlock CVE | Low | libstdc++-devel-8.5.0-15.el8 |
| CVE-2018-6872 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-20657 | Twistlock CVE | Low | cpp-8.5.0-15.el8 |
| CVE-2018-20657 | Twistlock CVE | Low | gcc-c++-8.5.0-15.el8 |
| CVE-2018-20657 | Twistlock CVE | Low | libstdc++-devel-8.5.0-15.el8 |
| CVE-2018-20657 | Twistlock CVE | Low | gcc-8.5.0-15.el8 |
| CVE-2018-20657 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-20657 | Twistlock CVE | Low | libgomp-8.5.0-15.el8 |
| CVE-2018-20651 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-20002 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-19932 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18607 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18606 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18605 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-18309 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-17794 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-17360 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-12699 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-12698 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-12697 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2018-12641 | Twistlock CVE | Low | binutils-2.30-117.el8 |
| CVE-2022-1665 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-28097 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-34556 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-10741 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3896 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3586 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3239 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-30594 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-2153 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-25645 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3178 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2019-15213 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-27943 | Anchore CVE | Low | gcc-8.5.0-15.el8 |
| CVE-2022-1263 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-2964 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-33624 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-36280 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-2873 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-27943 | Anchore CVE | Low | cpp-8.5.0-15.el8 |
| CVE-2021-34981 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-3702 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-43975 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-41674 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-46778 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42721 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-26341 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-28972 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-38457 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-36557 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-33656 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-1679 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2019-19530 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3707 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-25265 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3826 | Anchore CVE | Low | binutils-2.30-117.el8 |
| CVE-2022-41218 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-36402 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2019-20095 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-35501 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3640 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-39189 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2019-15219 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3435 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3444 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-2905 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-4135 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-34693 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3714 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-39188 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-21233 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3344 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-0171 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3428 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-20141 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3028 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-27170 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-40133 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-38096 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-4159 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-38198 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42722 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-14390 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-27171 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3424 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-38166 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-36879 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-20166 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-29657 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-27943 | Anchore CVE | Low | libstdc++-devel-8.5.0-15.el8 |
| CVE-2020-14416 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-29374 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-1972 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-38206 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-2663 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-4001 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42720 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-1280 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-33655 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-1789 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-28693 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-36311 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-0886 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-3655 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-27943 | Anchore CVE | Low | gcc-c++-8.5.0-15.el8 |
| CVE-2021-35477 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-27943 | Anchore CVE | Low | libgomp-8.5.0-15.el8 |
| CVE-2022-1462 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-2785 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42703 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-45061 | Twistlock CVE | Medium | python3-libs-3.6.8-48.el8_7 |
| CVE-2022-45061 | Twistlock CVE | Medium | platform-python-3.6.8-48.el8_7 |
| CVE-2022-36227 | Twistlock CVE | Low | libarchive-3.3.3-4.el8 |
| CVE-2022-43680 | Anchore CVE | Medium | expat-2.2.5-10.el8 |
| CVE-2022-45061 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
| CVE-2022-42919 | Anchore CVE | High | python-3.9.0 |
| CVE-2022-36227 | Anchore CVE | Low | libarchive-3.3.3-4.el8 |
| CVE-2007-4559 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
| CVE-2021-46848 | Anchore CVE | Medium | libtasn1-4.13-3.el8 |
| CVE-2022-41222 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| GHSA-97xg-phpr-rg8q | Anchore CVE | Critical | bcel-6.5.0 |
| CVE-2022-45061 | Anchore CVE | High | python-3.9.0 |
| CVE-2022-3352 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| CVE-2022-3625 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-43945 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-45061 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
| CVE-2022-3566 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-4129 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
| CVE-2022-23824 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3903 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-35737 | Anchore CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
| CVE-2022-41858 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3567 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42895 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42896 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2020-17049 | Twistlock CVE | Medium | krb5-libs-1.18.2-22.el8_7 |
| CVE-2022-45873 | Twistlock CVE | Medium | systemd-239-68.el8 |
| CVE-2022-45873 | Twistlock CVE | Medium | systemd-pam-239-68.el8 |
| CVE-2022-45873 | Twistlock CVE | Medium | systemd-libs-239-68.el8 |
| CVE-2022-4141 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8 |
| CVE-2022-45939 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8 |
| CVE-2022-4139 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-37454 | Anchore CVE | Critical | python-3.9.0 |
| CVE-2022-4269 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-22118 | Twistlock CVE | High | spring-core_spring-core-5.2.12 |
| CVE-2022-22971 | Twistlock CVE | Medium | spring-core_spring-core-5.2.12 |
| CVE-2022-22950 | Twistlock CVE | Medium | spring-core_spring-core-5.2.12 |
| CVE-2022-22970 | Twistlock CVE | Medium | spring-core_spring-core-5.2.12 |
| CVE-2021-22096 | Twistlock CVE | Medium | spring-core_spring-core-5.2.12 |
| CVE-2021-22060 | Twistlock CVE | Medium | spring-core_spring-core-5.2.12 |
| CVE-2022-4292 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-4293 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-4285 | Twistlock CVE | Medium | gdb-gdbserver-8.2-19.el8 |
| CVE-2022-4285 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
| CVE-2022-3491 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2018.10.15 |
| GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2018.10.15 |
| CVE-2022-3628 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-20154 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CCE-86099-9 | OSCAP Compliance | Medium | |
| CVE-2022-45934 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-4378 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-46908 | Twistlock CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
| CVE-2022-4285 | Anchore CVE | Medium | gdb-gdbserver-8.2-19.el8 |
| CVE-2022-45884 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-45886 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-45885 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-45919 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-4285 | Anchore CVE | Medium | binutils-2.30-117.el8 |
| CVE-2022-3564 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3594 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2021-44568 | Twistlock CVE | Low | libsolv-0.7.20-4.el8_7 |
| CVE-2021-44568 | Anchore CVE | Low | libsolv-0.7.20-4.el8_7 |
| CVE-2022-45887 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
VAT: https://vat.dso.mil/vat/image?imageName=grammatech/codesonar/codesonar-builder&tag=6.2.2&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/grammatech/codesonar/codesonar-builder/-/jobs/10808443
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Ghost User