UNCLASSIFIED - NO CUI

chore(findings): redhat/dotnet-core/aspnetcore-runtime-6.0

Summary

redhat/dotnet-core/aspnetcore-runtime-6.0 has 147 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=redhat/dotnet-core/aspnetcore-runtime-6.0&tag=6.0&branch=master

id source severity package impact workaround
CVE-2022-1271 Twistlock CVE High gzip-1.9-13.el8_5
CVE-2017-5130 Twistlock CVE High libxml2-2.9.7-18.el8_10.1
CVE-2017-15412 Twistlock CVE High libxml2-2.9.7-18.el8_10.1
CVE-2016-5131 Twistlock CVE High libxml2-2.9.7-18.el8_10.1
CVE-2016-1834 Twistlock CVE High libxml2-2.9.7-18.el8_10.1
CVE-2019-10086 Twistlock CVE High python3-six-1.11.0-8.el8
CVE-2016-1840 Twistlock CVE High libxml2-2.9.7-18.el8_10.1
CVE-2016-3191 Twistlock CVE High pcre-8.42-6.el8
CVE-2015-8385 Twistlock CVE High pcre-8.42-6.el8
CVE-2021-22945 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2017-0663 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2023-52425 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2021-46877 Twistlock CVE Medium python3-libcomps-0.1.18-1.el8
CVE-2021-46877 Twistlock CVE Medium libsolv-0.7.20-6.el8
CVE-2021-46877 Twistlock CVE Medium libcomps-0.1.18-1.el8
CVE-2021-33938 Twistlock CVE Medium libsolv-0.7.20-6.el8
CVE-2021-33930 Twistlock CVE Medium libsolv-0.7.20-6.el8
CVE-2021-33929 Twistlock CVE Medium libsolv-0.7.20-6.el8
CVE-2021-33928 Twistlock CVE Medium libsolv-0.7.20-6.el8
CVE-2021-33503 Twistlock CVE Medium python3-urllib3-1.24.2-8.el8_10
CVE-2021-22946 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2021-22926 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2020-25710 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2020-25709 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2020-12243 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2019-20454 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2019-17007 Twistlock CVE Medium nss-3.90.0-7.el8_10
CVE-2019-11729 Twistlock CVE Medium nss-3.90.0-7.el8_10
CVE-2019-11719 Twistlock CVE Medium nss-3.90.0-7.el8_10
CVE-2018-6003 Twistlock CVE Medium libtasn1-4.13-4.el8_7
CVE-2017-9047 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2020-8286 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2019-13565 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2016-0718 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2016-9318 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2024-6197 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2022-1705 Twistlock CVE Medium python3-decorator-4.2.1-2.el8
CVE-2022-1705 Twistlock CVE Medium python3-six-1.11.0-8.el8
CVE-2021-22922 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2020-8285 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2019-13057 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2018-1000122 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2017-9287 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2017-9050 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2017-9049 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2017-7375 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2021-22947 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2023-43804 Twistlock CVE Medium python3-urllib3-1.24.2-8.el8_10
CVE-2023-27536 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2023-27535 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2021-46848 Twistlock CVE Medium libtasn1-4.13-4.el8_7
CVE-2020-8169 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2017-17740 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2015-8710 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2021-22923 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2023-27538 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2020-8177 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2018-1000301 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2018-1000120 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2023-45853 Twistlock CVE Medium zlib-1.2.11-25.el8
CVE-2019-3822 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-8625 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-8624 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-8619 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-8618 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-8615 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-4658 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-4472 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2016-4448 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-3146 Twistlock CVE Medium libssh-0.9.6-14.el8
CVE-2015-1546 Twistlock CVE Medium openldap-2.4.46-19.el8_10
CVE-2016-5419 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2018-16890 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-5300 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2016-4483 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-4449 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-4447 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-3705 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-3627 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1839 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1838 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1837 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1836 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1835 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1833 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2016-1762 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-8391 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2015-8388 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2015-8035 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-7942 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-7500 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-7499 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-7498 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-7497 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-5312 Twistlock CVE Medium libxml2-2.9.7-18.el8_10.1
CVE-2015-5073 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2015-3217 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2015-3153 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2015-2328 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2015-2327 Twistlock CVE Medium pcre-8.42-6.el8
CVE-2023-45803 Twistlock CVE Medium python3-urllib3-1.24.2-8.el8_10
CVE-2015-3148 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2015-3143 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2021-22924 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2021-22876 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-8617 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2020-8284 Twistlock CVE Medium curl-7.61.1-34.el8_10.2
CVE-2016-9063 Twistlock CVE Low expat-2.2.5-13.el8_10
CVE-2017-6891 Twistlock CVE Low libtasn1-4.13-4.el8_7
CVE-2019-20387 Twistlock CVE Low libsolv-0.7.20-6.el8
CVE-2019-5436 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2021-44568 Twistlock CVE Low libsolv-0.7.20-6.el8
CVE-2017-8872 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2018-1000121 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2016-8621 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2018-16840 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2018-16839 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2017-9048 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2017-1000100 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2019-3823 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2018-14567 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2015-8317 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2015-8242 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2015-8241 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2016-7141 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2016-5420 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2016-0755 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2015-7941 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2023-28320 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2021-22897 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2021-22890 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2020-8231 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2016-8622 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2016-8616 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2018-16842 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2016-7091 Twistlock CVE Low readline-7.0-10.el8
CVE-2021-3634 Twistlock CVE Low libssh-0.9.6-14.el8
CVE-2017-18258 Twistlock CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2021-3200 Twistlock CVE Low libsolv-0.7.20-6.el8
CVE-2019-2708 Twistlock CVE Low libdb-5.3.28-42.el8_4
CVE-2017-11164 Twistlock CVE Low pcre-8.42-6.el8
CVE-2017-10790 Twistlock CVE Low libtasn1-4.13-4.el8_7
CVE-2016-8623 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2021-22925 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2021-22898 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2015-8386 Twistlock CVE Low pcre-8.42-6.el8
CVE-2017-7407 Twistlock CVE Low curl-7.61.1-34.el8_10.2

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.