OSS-203: Address CVEs for Java JNI Server Image from Twistlock Reports #2968

Closed
axsaucedo opened this issue Feb 16, 2021 — with Board Genius Sync · 1 comment · Fixed by #2981

Actionable Vulnerabilities: Implies there is a fixed version available for vulnerable package.

===========================================================================================================================================================================
Severity   CVSS       Type       CVE ID               Package                                       Version                                  status                                   Twistlock Severity   Link                                                                                                
===========================================================================================================================================================================
P2         9.8        OS         CVE-2019-5482        curl                                          7.64.0-4                                 fixed in 7.64.0-4+deb10u1                critical             https://security-tracker.debian.org/tracker/CVE-2019-5482                                           
P2         9.8        OS         CVE-2019-18224       libidn2                                       2.0.5-1                                  fixed in 2.0.5-1+deb10u1                 critical             https://security-tracker.debian.org/tracker/CVE-2019-18224                                          
P2         9.8        OS         CVE-2019-5481        curl                                          7.64.0-4                                 fixed in 7.64.0-4+deb10u1                critical             https://security-tracker.debian.org/tracker/CVE-2019-5481                                           
P2         8.8        OS         CVE-2020-29569       linux                                         4.19.132-1                               fixed in 4.19.171-2                      high                 https://security-tracker.debian.org/tracker/CVE-2020-29569                                          
P2         8.8        OS         CVE-2020-12351       linux                                         4.19.132-1                               fixed in 4.19.152-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-12351                                          
P2         8.6        OS         CVE-2020-10878       perl                                          5.28.1-6                                 fixed in 5.28.1-6+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2020-10878                                          
P2         8.2        OS         CVE-2019-19770       linux                                         4.19.132-1                               fixed in 4.19.160-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-19770                                          
P2         8.2        OS         CVE-2020-10543       perl                                          5.28.1-6                                 fixed in 5.28.1-6+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2020-10543                                          
P2         8.1        OS         CVE-2020-28374       linux                                         4.19.132-1                               fixed in 4.19.171-2                      high                 https://security-tracker.debian.org/tracker/CVE-2020-28374                                          
P2         7.8        OS         CVE-2019-0145        linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-0145                                           
P2         7.8        OS         CVE-2020-1712        systemd                                       241-7~deb10u2                            fixed in 241-7~deb10u4                   high                 https://security-tracker.debian.org/tracker/CVE-2020-1712                                           
P2         7.8        OS         CVE-2019-19377       linux                                         4.19.132-1                               fixed in 4.19.160-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-19377                                          
P2         7.8        OS         CVE-2019-19448       linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-19448                                          
P2         7.8        OS         CVE-2019-19816       linux                                         4.19.132-1                               fixed in 4.19.160-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-19816                                          
P2         7.8        OS         CVE-2020-29661       linux                                         4.19.132-1                               fixed in 4.19.171-2                      high                 https://security-tracker.debian.org/tracker/CVE-2020-29661                                          
P2         7.8        OS         CVE-2020-0465        linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-0465                                           
P2         7.8        OS         CVE-2020-0423        linux                                         4.19.132-1                               fixed in 4.19.160-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-0423                                           
P2         7.8        OS         CVE-2020-0466        linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-0466                                           
P2         7.8        OS         CVE-2020-14351       linux                                         4.19.132-1                               fixed in 4.19.160-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-14351                                          
P2         7.8        OS         CVE-2020-14356       linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-14356                                          
P2         7.8        OS         CVE-2020-14386       linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-14386                                          
P2         7.5        python     CVE-2020-5215        tensorflow                                    2.0.0b1                                  fixed in 2.0.1, 1.15.2                   high                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5215                                      
P2         7.5        OS         CVE-2020-36221       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36221                                          
P2         7.5        OS         CVE-2020-36223       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36223                                          
P2         7.5        OS         CVE-2020-36224       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36224                                          
P2         7.5        OS         CVE-2020-36225       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36225                                          
P2         7.5        OS         CVE-2020-12723       perl                                          5.28.1-6                                 fixed in 5.28.1-6+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2020-12723                                          
P2         7.5        OS         CVE-2020-25692       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u3           high                 https://security-tracker.debian.org/tracker/CVE-2020-25692                                          
P2         7.5        OS         CVE-2020-1967        openssl                                       1.1.1d-0+deb10u2                         fixed in 1.1.1d-0+deb10u3                high                 https://security-tracker.debian.org/tracker/CVE-2020-1967                                           
P2         7.5        OS         CVE-2020-36226       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36226                                          
P2         7.5        OS         CVE-2020-36227       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36227                                          
P2         7.5        OS         CVE-2020-29363       p11-kit                                       0.23.15-2                                fixed in 0.23.15-2+deb10u1               high                 https://security-tracker.debian.org/tracker/CVE-2020-29363                                          
P2         7.5        OS         CVE-2020-29361       p11-kit                                       0.23.15-2                                fixed in 0.23.15-2+deb10u1               high                 https://security-tracker.debian.org/tracker/CVE-2020-29361                                          
P2         7.5        OS         CVE-2020-36228       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36228                                          
P2         7.5        OS         CVE-2020-36229       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36229                                          
P2         7.5        OS         CVE-2020-36230       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36230                                          
P2         7.5        OS         CVE-2019-19061       linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-19061                                          
P2         7.5        OS         CVE-2020-5260        git                                           1:2.20.1-2+deb10u1                       fixed in 1:2.20.1-2+deb10u2              high                 https://security-tracker.debian.org/tracker/CVE-2020-5260                                           
P2         7.5        OS         CVE-2020-11008       git                                           1:2.20.1-2+deb10u1                       fixed in 1:2.20.1-2+deb10u3              high                 https://security-tracker.debian.org/tracker/CVE-2020-11008                                          
P2         7.5        OS         CVE-2020-12243       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u2           high                 https://security-tracker.debian.org/tracker/CVE-2020-12243                                          
P2         7.5        OS         CVE-2019-19074       linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2019-19074                                          
P2         7.5        OS         CVE-2019-19923       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2019-19923                                          
P2         7.5        OS         CVE-2019-19925       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2019-19925                                          
P2         7.5        OS         CVE-2019-19959       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2019-19959                                          
P2         7.5        OS         CVE-2019-20218       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2019-20218                                          
P2         7.5        OS         CVE-2020-36222       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u5           high                 https://security-tracker.debian.org/tracker/CVE-2020-36222                                          
P2         7.5        OS         CVE-2020-25645       linux                                         4.19.132-1                               fixed in 4.19.152-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-25645                                          
P2         7.5        OS         CVE-2020-28196       krb5                                          1.17-3                                   fixed in 1.17-3+deb10u1                  high                 https://security-tracker.debian.org/tracker/CVE-2020-28196                                          
P2         7.4        OS         CVE-2020-13777       gnutls28                                      3.6.7-4                                  fixed in 3.6.7-4+deb10u4                 high                 https://security-tracker.debian.org/tracker/CVE-2020-13777                                          
P2         7.4        OS         CVE-2020-11501       gnutls28                                      3.6.7-4                                  fixed in 3.6.7-4+deb10u3                 high                 https://security-tracker.debian.org/tracker/CVE-2020-11501                                          
P2         7.4        OS         CVE-2020-25705       linux                                         4.19.132-1                               fixed in 4.19.160-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-25705                                          
P2         7.2        OS         CVE-2020-25643       linux                                         4.19.132-1                               fixed in 4.19.152-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-25643                                          
P2         7          OS         CVE-2020-13630       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                high                 https://security-tracker.debian.org/tracker/CVE-2020-13630                                          
P2         7          OS         CVE-2020-25212       linux                                         4.19.132-1                               fixed in 4.19.146-1                      high                 https://security-tracker.debian.org/tracker/CVE-2020-25212                                          
P3         6.7        OS         CVE-2019-5188        e2fsprogs                                     1.44.5-1+deb10u2                         fixed in 1.44.5-1+deb10u3                medium               https://security-tracker.debian.org/tracker/CVE-2019-5188                                           
P3         6.7        OS         CVE-2020-15780       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-15780                                          
P3         6.7        OS         CVE-2020-27777       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-27777                                          
P3         6.7        OS         CVE-2020-36158       linux                                         4.19.132-1                               fixed in 4.19.171-2                      medium               https://security-tracker.debian.org/tracker/CVE-2020-36158                                          
P3         6.6        OS         CVE-2020-14331       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-14331                                          
P3         6.5        OS         CVE-2020-12352       linux                                         4.19.132-1                               fixed in 4.19.152-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-12352                                          
P3         6.5        OS         CVE-2019-3874        linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-3874                                           
P3         6.5        OS         CVE-2020-29568       linux                                         4.19.132-1                               fixed in 4.19.171-2                      medium               https://security-tracker.debian.org/tracker/CVE-2020-29568                                          
P3         6.5        OS         CVE-2021-3178        linux                                         4.19.132-1                               fixed in 4.19.171-1                      medium               https://security-tracker.debian.org/tracker/CVE-2021-3178                                           
P3         6.5        OS         CVE-2019-16168       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                medium               https://security-tracker.debian.org/tracker/CVE-2019-16168                                          
P3         6.5        OS         CVE-2020-15999       freetype                                      2.9.1-3+deb10u1                          fixed in 2.9.1-3+deb10u2                 medium               https://security-tracker.debian.org/tracker/CVE-2020-15999                                          
P3         6.4        OS         CVE-2020-25285       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-25285                                          
P3         6          OS         CVE-2020-25211       linux                                         4.19.132-1                               fixed in 4.19.152-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-25211                                          
P3         5.9        OS         CVE-2020-1971        openssl                                       1.1.1d-0+deb10u2                         fixed in 1.1.1d-0+deb10u4                medium               https://security-tracker.debian.org/tracker/CVE-2020-1971                                           
P3         5.9        OS         CVE-2020-1971        openssl                                       1.1.1d-0+deb10u3                         fixed in 1.1.1d-0+deb10u4                medium               https://security-tracker.debian.org/tracker/CVE-2020-1971                                           
P3         5.8        OS         CVE-2020-28915       linux                                         4.19.132-1                               fixed in 4.19.152-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-28915                                          
P3         5.7        OS         CVE-2020-27825       linux                                         4.19.132-1                               fixed in 4.19.171-2                      medium               https://security-tracker.debian.org/tracker/CVE-2020-27825                                          
P3         5.7        OS         CVE-2020-27350       apt                                           1.8.2                                    fixed in 1.8.2.2                         medium               https://security-tracker.debian.org/tracker/CVE-2020-27350                                          
P3         5.6        OS         CVE-2020-14390       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-14390                                          
P3         5.5        OS         CVE-2020-25641       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-25641                                          
P3         5.5        OS         CVE-2020-15358       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                medium               https://security-tracker.debian.org/tracker/CVE-2020-15358                                          
P3         5.5        OS         CVE-2020-13632       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                medium               https://security-tracker.debian.org/tracker/CVE-2020-13632                                          
P3         5.5        OS         CVE-2020-13435       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                medium               https://security-tracker.debian.org/tracker/CVE-2020-13435                                          
P3         5.5        OS         CVE-2020-25704       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-25704                                          
P3         5.5        OS         CVE-2020-26088       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-26088                                          
P3         5.5        OS         CVE-2020-27673       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-27673                                          
P3         5.5        OS         CVE-2020-28941       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-28941                                          
P3         5.5        OS         CVE-2020-8694        linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-8694                                           
P3         5.5        OS         CVE-2020-14385       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-14385                                          
P3         5.5        OS         CVE-2020-14314       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-14314                                          
P3         5.5        OS         CVE-2020-10781       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-10781                                          
P3         5.5        OS         CVE-2019-19813       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19813                                          
P3         5.5        OS         CVE-2019-19039       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19039                                          
P3         5.5        OS         CVE-2019-18808       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-18808                                          
P3         5.5        OS         CVE-2019-0149        linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-0149                                           
P3         5.5        OS         CVE-2019-0148        linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-0148                                           
P3         5.5        OS         CVE-2019-0147        linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-0147                                           
P3         5.5        OS         CVE-2020-3810        apt                                           1.8.2                                    fixed in 1.8.2.1                         medium               https://security-tracker.debian.org/tracker/CVE-2020-3810                                           
P3         5.5        OS         CVE-2019-0146        linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-0146                                           
P3         5.5        OS         CVE-2020-13434       sqlite3                                       3.27.2-3                                 fixed in 3.27.2-3+deb10u1                medium               https://security-tracker.debian.org/tracker/CVE-2020-13434                                          
P3         5.3        OS         CVE-2020-12888       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-12888                                          
P3         5.3        OS         CVE-2020-29362       p11-kit                                       0.23.15-2                                fixed in 0.23.15-2+deb10u1               medium               https://security-tracker.debian.org/tracker/CVE-2020-29362                                          
P3         5.3        python     CVE-2020-26266       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26266                                     
P3         5          OS         CVE-2020-28974       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-28974                                          
P3         4.7        OS         CVE-2020-27675       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-27675                                          
P3         4.7        OS         CVE-2020-4788        linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-4788                                           
P3         4.7        OS         CVE-2019-19082       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19082                                          
P3         4.7        OS         CVE-2019-19054       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19054                                          
P3         4.4        OS         CVE-2020-15437       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-15437                                          
P3         4.4        OS         CVE-2020-29660       linux                                         4.19.132-1                               fixed in 4.19.171-2                      medium               https://security-tracker.debian.org/tracker/CVE-2020-29660                                          
P3         4.4        OS         CVE-2019-19318       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19318                                          
P3         4.4        OS         CVE-2019-19072       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19072                                          
P3         4.4        OS         CVE-2019-19067       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19067                                          
P3         4.4        python     CVE-2020-26268       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26268                                     
P3         4.1        OS         CVE-2020-25284       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-25284                                          
P3         4.1        OS         CVE-2020-25656       linux                                         4.19.132-1                               fixed in 4.19.160-1                      medium               https://security-tracker.debian.org/tracker/CVE-2020-25656                                          
P3         4          OS         CVE-2019-19073       linux                                         4.19.132-1                               fixed in 4.19.146-1                      medium               https://security-tracker.debian.org/tracker/CVE-2019-19073                                          
P4         3.7        OS         CVE-2020-16166       linux                                         4.19.132-1                               fixed in 4.19.146-1                      low                  https://security-tracker.debian.org/tracker/CVE-2020-16166                                          
P4         3.3        python     CVE-2020-26271       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         low                  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26271                                     
P4         3.3        OS         CVE-2020-29371       linux                                         4.19.132-1                               fixed in 4.19.146-1                      low                  https://security-tracker.debian.org/tracker/CVE-2020-29371                                          
P4         3.3        python     CVE-2020-26270       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         low                  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26270                                     
P2         0          python     PRISMA-2021-0014     Pillow                                        6.2.0                                    fixed in 8.1.0                           high                                                                                                                     
P4         0          OS         CVE-2020-25709       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u4           low                  https://security-tracker.debian.org/tracker/CVE-2020-25709                                          
P4         0          OS         CVE-2020-25710       openldap                                      2.4.47+dfsg-3+deb10u1                    fixed in 2.4.47+dfsg-3+deb10u4           low                  https://security-tracker.debian.org/tracker/CVE-2020-25710                                          
P4         0          OS         CVE-2021-3347        linux                                         4.19.132-1                               fixed in 4.19.171-2                      low                  https://security-tracker.debian.org/tracker/CVE-2021-3347                                           
P4         0          OS         CVE-2021-20177       linux                                         4.19.132-1                               fixed in 4.19.171-2                      low                  https://security-tracker.debian.org/tracker/CVE-2021-20177                                          
P4         0          OS         CVE-2020-27830       linux                                         4.19.132-1                               fixed in 4.19.171-2                      low                  https://security-tracker.debian.org/tracker/CVE-2020-27830                                          
P4         0          OS         CVE-2020-27815       linux                                         4.19.132-1                               fixed in 4.19.171-2                      low                  https://security-tracker.debian.org/tracker/CVE-2020-27815                                          
P4         0          OS         CVE-2020-25669       linux                                         4.19.132-1                               fixed in 4.19.160-1                      low                  https://security-tracker.debian.org/tracker/CVE-2020-25669                                          
P4         0          OS         CVE-2020-25668       linux                                         4.19.132-1                               fixed in 4.19.160-1                      low                  https://security-tracker.debian.org/tracker/CVE-2020-25668                                          
P4         0          OS         CVE-2020-24490       linux                                         4.19.132-1                               fixed in 4.19.146-1                      low                  https://security-tracker.debian.org/tracker/CVE-2020-24490                                          
=========================================================================================================
P1         P2         P3         P4        
0          55         57         13        
=========================================================================================================
@axsaucedo added the bug and triage labels Feb 16, 2021
@adriangonz self-assigned this Feb 16, 2021
@adriangonz added this to the 1.7 milestone Feb 16, 2021
@ukclivecox removed the triage label Feb 18, 2021

axsaucedo commented Mar 8, 2021

We got the results and it seems there are still a couple outstanding, so reopening:

--------------------------
===========================================================================================================================================================================
Severity   CVSS       Type       CVE ID               Package                                       Version                                  status                                   Twistlock Severity   Link                                                                                                
===========================================================================================================================================================================
P2         7.5        python     CVE-2020-5215        tensorflow                                    2.0.0b1                                  fixed in 2.0.1, 1.15.2                   high                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5215                                      
P2         7.5        python     CVE-2020-29651       py                                            1.8.0                                    fixed in 1.10.0                          high                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29651                                     
P3         5.3        python     CVE-2020-26266       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26266                                     
P3         4.4        python     CVE-2020-26268       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         medium               https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26268                                     
P4         3.3        python     CVE-2020-26270       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         low                  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26270                                     
P4         3.3        python     CVE-2020-26271       tensorflow                                    2.0.0b1                                  fixed in 2.3.2, 2.2.2, 2.1.3,...         low                  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26271                                     
P2         0          python     PRISMA-2021-0014     Pillow                                        6.2.0                                    fixed in 8.1.0                           high                                                                                                                     
=========================================================================================================
P1         P2         P3         P4        
0          3          2          2         
=========================================================================================================

Non Actionable Vulnerabilities: There is either: no fix available, the fix has been deferred (expected to be available in the future), or will not be fixed.
------------------------------
===========================================================================================================================================================================
Severity   CVSS       Type       CVE ID               Package                                       Version                                  status                                   Twistlock Severity   Link                                                                                                
===========================================================================================================================================================================
P2         7.5        python     CVE-2020-13949       thrift                                        0.13.0                                   unknown                                  high                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13949                                     
=========================================================================================================
P1         P2         P3         P4        
0          1          0          0         
=========================================================================================================

@axsaucedo reopened this Mar 8, 2021
@axsaucedo changed the title from "Address CVEs for Java JNI Server Image from Twistlock Reports" to "OSS-203: Address CVEs for Java JNI Server Image from Twistlock Reports" Apr 26, 2021