chore(findings): crunchy-data/postgres/postgis
Summary
crunchy-data/postgres/postgis has 207 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-34969 | Anchore CVE | Medium | dbus-daemon-1:1.12.8-24.el8 |
CVE-2023-32681 | Anchore CVE | Medium | python3-requests-2.20.0-2.1.el8_1 |
CVE-2023-34410 | Anchore CVE | Medium | qt5-srpm-macros-5.15.3-1.el8 |
CVE-2022-45061 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2023-28321 | Anchore CVE | Medium | curl-7.61.1-30.el8_8.2 |
CVE-2023-2602 | Anchore CVE | Low | libcap-2.48-4.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-utils-32:9.11.36-8.el8 |
CVE-2022-38784 | Anchore CVE | Medium | poppler-20.11.0-6.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-libs-lite-32:9.11.36-8.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-license-32:9.11.36-8.el8 |
CVE-2022-48468 | Anchore CVE | Medium | protobuf-c-1.3.0-6.el8 |
CVE-2022-48281 | Anchore CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-48338 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2023-2953 | Anchore CVE | Low | openldap-2.4.46-18.el8 |
CVE-2023-2603 | Anchore CVE | Medium | libcap-2.48-4.el8 |
CVE-2023-32573 | Anchore CVE | Low | qt5-srpm-macros-5.15.3-1.el8 |
CVE-2023-1981 | Anchore CVE | Medium | avahi-libs-0.7-20.el8 |
CVE-2015-20107 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-3733 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-3570 | Anchore CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2021-3737 | Anchore CVE | Low | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2023-34969 | Anchore CVE | Medium | dbus-common-1:1.12.8-24.el8 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-1:1.12.8-24.el8 |
CVE-2022-3094 | Anchore CVE | Medium | python3-bind-32:9.11.36-8.el8 |
CVE-2022-48339 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2023-24329 | Anchore CVE | High | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2023-30571 | Anchore CVE | Medium | libarchive-3.3.3-5.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-libs-32:9.11.36-8.el8 |
CVE-2023-28321 | Anchore CVE | Medium | libcurl-7.61.1-30.el8_8.2 |
CVE-2022-42898 | Anchore CVE | High | libkadm5-1.18.2-22.el8 |
CVE-2022-48337 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2022-42898 | Anchore CVE | High | krb5-libs-1.18.2-22.el8 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-libs-1:1.12.8-24.el8 |
CVE-2023-33285 | Anchore CVE | Medium | qt5-srpm-macros-5.15.3-1.el8 |
CVE-2023-29491 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2022-42898 | Anchore CVE | High | krb5-workstation-1.18.2-22.el8 |
CVE-2022-41862 | Anchore CVE | Low | libpq-13.5-1.el8 |
CVE-2022-0391 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2023-3164 | Anchore CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-tools-1:1.12.8-24.el8 |
CVE-2007-4559 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2023-3138 | Anchore CVE | Medium | libX11-xcb-1.6.8-5.el8 |
CVE-2023-27043 | Anchore CVE | Medium | python3-libs-3.6.8-51.el8_8.1 |
CVE-2023-3138 | Anchore CVE | Medium | libX11-1.6.8-5.el8 |
CVE-2023-3138 | Anchore CVE | Medium | libX11-common-1.6.8-5.el8 |
CVE-2007-4559 | Anchore CVE | Medium | platform-python-3.6.8-51.el8_8.1 |
CVE-2023-27043 | Anchore CVE | Medium | platform-python-3.6.8-51.el8_8.1 |
CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.6.8-51.el8_8.1 |
CVE-2023-3316 | Anchore CVE | Medium | libtiff-4.0.9-27.el8 |
CCE-80807-1 | OSCAP Compliance | Medium | |
CCE-86523-8 | OSCAP Compliance | Medium | |
CVE-2023-28617 | Twistlock CVE | Critical | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2023-24329 | Twistlock CVE | Critical | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-3970 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2021-23169 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2019-17543 | Twistlock CVE | Medium | lz4-1.8.3-3.el8_4 |
CVE-2022-48339 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-38784 | Twistlock CVE | Medium | poppler-20.11.0-6.el8 |
CVE-2023-25193 | Twistlock CVE | Medium | harfbuzz-1.7.5-3.el8 |
CVE-2022-45061 | Twistlock CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-3094 | Twistlock CVE | Medium | bind-libs-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-utils-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-license-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-libs-lite-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | python3-bind-9.11.36-8.el8 |
CVE-2022-48338 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-48337 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2020-17049 | Twistlock CVE | Medium | krb5-libs-1.18.2-22.el8 |
CVE-2020-17049 | Twistlock CVE | Medium | krb5-workstation-1.18.2-22.el8 |
CVE-2020-17049 | Twistlock CVE | Medium | libkadm5-1.18.2-22.el8 |
CVE-2021-3782 | Twistlock CVE | Medium | libwayland-server-1.21.0-1.el8 |
CVE-2021-3782 | Twistlock CVE | Medium | libwayland-client-1.21.0-1.el8 |
CVE-2022-3627 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3599 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3598 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-1981 | Twistlock CVE | Medium | avahi-libs-0.7-20.el8 |
CVE-2021-3479 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-15306 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2023-32681 | Twistlock CVE | Medium | requests-2.20.0 |
CVE-2023-0804 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0803 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0802 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0801 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0800 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0798 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0797 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0796 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0795 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2021-20303 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2022-4645 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | pkgconf-pkg-config-1.4.2-1.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | libpkgconf-1.4.2-1.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | pkgconf-1.4.2-1.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | pkgconf-m4-1.4.2-1.el8 |
CVE-2023-0799 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-48281 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3570 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2021-45942 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11765 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11764 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11763 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11762 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11761 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11760 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11759 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-11758 | Twistlock CVE | Medium | OpenEXR-libs-2.2.0-12.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-libs-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-utils-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-license-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | python3-bind-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-libs-lite-9.11.36-8.el8 |
CVE-2023-0512 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0433 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0054 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-4292 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3352 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3296 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3256 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3235 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3234 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3037 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2946 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2819 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2522 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2345 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2344 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2343 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2286 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2285 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2284 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2210 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2207 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2206 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2182 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2175 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2129 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2126 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2125 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2124 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2021-20304 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-20299 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-20298 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2023-1127 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0288 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0049 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2287 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3705 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2021-43618 | Twistlock CVE | Low | gmp-c++-6.1.2-10.el8 |
CVE-2023-1916 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2022-3153 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-1720 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0464 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-1264 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-4293 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3857 | Twistlock CVE | Low | libpng-1.6.34-5.el8 |
CVE-2022-2980 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2923 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-0530 | Twistlock CVE | Low | unzip-6.0-46.el8 |
CVE-2022-0529 | Twistlock CVE | Low | unzip-6.0-46.el8 |
CVE-2021-3933 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-3605 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-3598 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-3478 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-3477 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-26945 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-26260 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-23215 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-35538 | Twistlock CVE | Low | libjpeg-turbo-1.5.3-12.el8 |
CVE-2020-16589 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2020-16587 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2023-1175 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-1170 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2021-3476 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-3475 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-3474 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-20302 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2021-20296 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2019-7317 | Twistlock CVE | Low | libpng-1.6.34-5.el8 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-clients-8.0p1-17.el8 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-server-8.0p1-17.el8 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-8.0p1-17.el8 |
CVE-2021-3941 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2023-0466 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-0465 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2022-41862 | Twistlock CVE | Low | libpq-13.5-1.el8 |
CVE-2022-2208 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2183 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2021-4217 | Twistlock CVE | Low | unzip-6.0-46.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libquadmath-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libgfortran-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libgfortran-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libquadmath-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2018-18444 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2018-18443 | Twistlock CVE | Low | OpenEXR-libs-2.2.0-12.el8 |
CVE-2022-33070 | Twistlock CVE | Low | protobuf-c-1.3.0-6.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-8.0p1-17.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-server-8.0p1-17.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-clients-8.0p1-17.el8 |
CVE-2022-2849 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2845 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-24329 | Twistlock CVE | Critical | python3-libs-3.6.8-51.el8_8.1 |
CVE-2023-24329 | Twistlock CVE | Critical | platform-python-3.6.8-51.el8_8.1 |
CVE-2019-9674 | Twistlock CVE | Low | platform-python-3.6.8-51.el8_8.1 |
CVE-2019-9674 | Twistlock CVE | Low | python3-libs-3.6.8-51.el8_8.1 |
VAT: https://vat.dso.mil/vat/image?imageName=crunchy-data/postgres/postgis&tag=ubi8-14.8-3.2-5.1.5&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/crunchy-data/postgres/postgis/-/jobs/12444921
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Approval" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
- Send approval request to Authorizing Official
- Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.