UNCLASSIFIED - NO CUI

chore(findings): security-compass/sd-elements/exim

Summary

security-compass/sd-elements/exim has 81 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.6 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/exim&tag=0.1.20-9.6-001&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.13-14.el9_7 0.00847 false
CVE-2024-34459 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00847 false
CVE-2024-41996 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2025-14087 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00197 false
CVE-2025-14087 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00197 false
CVE-2021-20197 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00193 false
CVE-2021-20197 Anchore CVE Medium binutils-2.35.2-67.el9 0.00193 false
CVE-2021-20197 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00193 false
CVE-2025-27113 Twistlock CVE Low libxml2-2.9.13-14.el9_7 0.00184 false
CVE-2025-27113 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00184 false
CVE-2017-1000383 Twistlock CVE Low emacs-1:27.2-18.el9 0.00142 false
CVE-2024-13176 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2024-13176 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2024-13176 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00123 false
CVE-2023-47038 Twistlock CVE Medium perl-0:5.32.1-481.1.el9_6 0.00090 false
CVE-2023-45322 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00076 false
CVE-2025-13836 Anchore CVE Medium python3-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3-libs-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Twistlock CVE Medium python3.9-3.9.23-2.el9 0.00066 false
CVE-2025-1377 Anchore CVE Low elfutils-debuginfod-client-0.193-1.el9 0.00064 false
CVE-2025-1376 Anchore CVE Low elfutils-debuginfod-client-0.193-1.el9 0.00064 false
CVE-2025-1371 Anchore CVE Low elfutils-debuginfod-client-0.193-1.el9 0.00052 false
CVE-2025-14512 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00034 false
CVE-2025-14512 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00034 false
CVE-2025-9232 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-9232 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-9232 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-11081 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00027 false
CVE-2025-11081 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00027 false
CVE-2025-11081 Anchore CVE Medium binutils-2.35.2-67.el9 0.00027 false
CVE-2025-11083 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00026 false
CVE-2025-11083 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00026 false
CVE-2025-11083 Anchore CVE Medium binutils-2.35.2-67.el9 0.00026 false
CVE-2025-11840 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11840 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11840 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11495 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11495 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11495 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11494 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11494 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11494 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11414 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11414 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11414 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11413 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11413 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11413 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11412 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11412 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11412 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11082 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11082 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11082 Anchore CVE Medium binutils-2.35.2-67.el9 0.00023 false
CVE-2025-66471 Twistlock CVE High urllib3-1.26.5 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to stream compressed content from untrusted sources. 0.00018 false
CVE-2025-66418 Twistlock CVE High urllib3-1.26.5 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to make requests to untrusted sources. Use preloadcontentFalse and ensure that resp.headerscontentencoding contains a safe number of encodings before reading the response content. 0.00018 false
CVE-2025-13837 Twistlock CVE Medium python3.9-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3-libs-3.9.23-2.el9 0.00018 false
CVE-2025-66382 Twistlock CVE Low expat-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-66382 Anchore CVE Low expat-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-6170 Twistlock CVE Low libxml2-2.9.13-14.el9_7 0.00017 false
CVE-2025-6170 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00017 false
CVE-2025-13601 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00015 false
CVE-2025-13601 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00015 false
CVE-2025-14104 Twistlock CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-core-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libuuid-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libfdisk-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libmount-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libsmartcols-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libblkid-2.37.4-21.el9 0.00014 false
CVE-2025-11839 Twistlock CVE Low binutils-2.35.2-67.el9 0.00014 false
CVE-2025-11839 Anchore CVE Low binutils-2.35.2-67.el9 0.00014 false
CVE-2025-11839 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00014 false
CVE-2025-23050 Twistlock CVE Low qt5-5.15.9-1.el9 0.00011 false
CVE-2025-23050 Anchore CVE Low qt5-srpm-macros-5.15.9-1.el9 0.00011 false
CVE-2025-40909 Twistlock CVE Medium perl-0:5.32.1-481.1.el9_6 0.00009 false

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/exim&tag=0.1.20-9.6-001&branch=master

Tasks

Contributor:

  • Apply the StatusReview label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI