go: downloading github.com/konflux-ci/build-service v0.0.0-20240611083846-2dee6cfe6fe4 go: downloading github.com/devfile/library/v2 v2.2.1-0.20230418160146-e75481b7eebd go: downloading k8s.io/api v0.34.2 go: downloading github.com/konflux-ci/release-service v0.0.0-20260127184035-c36c56a3c440 go: downloading k8s.io/apimachinery v0.34.2 go: downloading github.com/konflux-ci/application-api v0.0.0-20260312190025-5154ad273e17 go: downloading github.com/onsi/gomega v1.39.1 go: downloading github.com/openshift/oc v0.0.0-alpha.0.0.20220614012638-35c7eeb5274e go: downloading github.com/tektoncd/pipeline v1.7.0 go: downloading github.com/konflux-ci/e2e-tests v0.0.0-20260428105747-f0b222ad8cb6 go: downloading github.com/google/go-github/v66 v66.0.0 go: downloading github.com/go-logr/logr v1.4.3 go: downloading golang.org/x/sys v0.42.0 go: downloading github.com/google/go-containerregistry v0.20.7 go: downloading github.com/openshift-pipelines/pipelines-as-code v0.34.0 go: downloading github.com/openshift/api v0.0.0-20260320151444-324a1bcb9f55 go: downloading golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 go: downloading gopkg.in/yaml.v2 v2.4.0 go: downloading k8s.io/client-go v0.34.2 go: downloading k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 go: downloading knative.dev/pkg v0.0.0-20250424013628-d5e74d29daa3 go: downloading sigs.k8s.io/controller-runtime v0.20.2 go: downloading sigs.k8s.io/yaml v1.6.0 go: downloading github.com/bradleyfalzon/ghinstallation/v2 v2.17.0 go: downloading github.com/google/go-github/v45 v45.2.0 go: downloading golang.org/x/oauth2 v0.34.0 go: downloading github.com/prometheus/client_golang v1.23.2 go: downloading github.com/google/go-cmp v0.7.0 go: downloading k8s.io/apiextensions-apiserver v0.34.2 go: downloading github.com/fatih/color v1.18.0 go: downloading github.com/go-git/go-git/v5 v5.16.5 go: downloading github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 go: downloading github.com/gobwas/glob v0.2.3 go: downloading github.com/pkg/errors v0.9.1 go: downloading k8s.io/klog v1.0.0 go: downloading github.com/hashicorp/go-multierror v1.1.1 go: downloading github.com/operator-framework/operator-lib v0.19.0 go: downloading github.com/konflux-ci/operator-toolkit v0.0.0-20260312101100-d4e398191a68 go: downloading github.com/google/go-querystring v1.2.0 go: downloading github.com/konflux-ci/image-controller v0.0.0-20240530145826-3296e4996f6f go: downloading github.com/xanzy/go-gitlab v0.114.0 go: downloading k8s.io/klog/v2 v2.130.1 go: downloading github.com/avast/retry-go/v4 v4.3.3 go: downloading github.com/docker/cli v29.0.3+incompatible go: downloading github.com/magefile/mage v1.14.0 go: downloading github.com/mitchellh/go-homedir v1.1.0 go: downloading github.com/moby/buildkit v0.12.5 go: downloading github.com/openshift/library-go v0.0.0-20220525173854-9b950a41acdc go: downloading k8s.io/cli-runtime v0.34.2 go: downloading github.com/gogo/protobuf v1.3.2 go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.2 go: downloading gopkg.in/inf.v0 v0.9.1 go: downloading sigs.k8s.io/randfill v1.0.0 go: downloading go.yaml.in/yaml/v3 v3.0.4 go: downloading golang.org/x/net v0.52.0 go: downloading github.com/fsnotify/fsnotify v1.9.0 go: downloading github.com/spf13/afero v1.15.0 go: downloading github.com/golang-jwt/jwt/v4 v4.5.2 go: downloading github.com/google/go-github/v75 v75.0.0 go: downloading go.yaml.in/yaml/v2 v2.4.4 go: downloading github.com/mattn/go-colorable v0.1.14 go: downloading github.com/mattn/go-isatty v0.0.20 go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible go: downloading codeberg.org/mvdkleijn/forgejo-sdk/forgejo/v2 v2.2.0 go: downloading github.com/gofri/go-github-ratelimit v1.0.3-0.20230428184158-a500e14de53f go: downloading github.com/codeready-toolchain/api v0.0.0-20231217224957-34f7cb3fcbf7 go: downloading github.com/conforma/crds/api v0.1.7 go: downloading github.com/konflux-ci/integration-service v0.0.0-20260330012634-6190adb9bbce go: downloading github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 go: downloading github.com/redhat-appstudio/jvm-build-service v0.0.0-20240126122210-0e2ee7e2e5b0 go: downloading github.com/vmware-tanzu/velero v1.17.2 go: downloading github.com/evanphx/json-patch/v5 v5.9.11 go: downloading github.com/codeready-toolchain/toolchain-common v0.0.0-20220523142428-2558e76260fb go: downloading github.com/codeready-toolchain/toolchain-e2e v0.0.0-20220525131508-60876bfb99d3 go: downloading github.com/opencontainers/go-digest v1.0.0 go: downloading github.com/bmatcuk/doublestar/v4 v4.7.1 go: downloading github.com/hashicorp/errwrap v1.1.0 go: downloading github.com/opencontainers/image-spec v1.1.1 go: downloading oras.land/oras-go/v2 v2.5.0 go: downloading github.com/tektoncd/cli v0.43.0 go: downloading github.com/beorn7/perks v1.0.1 go: downloading github.com/cespare/xxhash/v2 v2.3.0 go: downloading github.com/prometheus/client_model v0.6.2 go: downloading github.com/prometheus/common v0.67.5 go: downloading github.com/prometheus/procfs v0.19.2 go: downloading google.golang.org/protobuf v1.36.11 go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 go: downloading golang.org/x/crypto v0.49.0 go: downloading github.com/json-iterator/go v1.1.12 go: downloading github.com/hashicorp/go-cleanhttp v0.5.2 go: downloading golang.org/x/time v0.15.0 go: downloading github.com/hashicorp/go-retryablehttp v0.7.8 go: downloading github.com/google/uuid v1.6.0 go: downloading github.com/spf13/cobra v1.10.2 go: downloading github.com/spf13/pflag v1.0.10 go: downloading gopkg.in/evanphx/json-patch.v4 v4.13.0 go: downloading github.com/docker/distribution v2.8.2+incompatible go: downloading github.com/docker/go-units v0.5.0 go: downloading k8s.io/kubectl v0.34.2 go: downloading github.com/docker/docker v23.0.7+incompatible go: downloading github.com/aws/aws-sdk-go v1.55.8 go: downloading github.com/containers/image/v5 v5.29.3 go: downloading dario.cat/mergo v1.0.2 go: downloading github.com/ProtonMail/go-crypto v1.3.0 go: downloading github.com/go-git/go-billy/v5 v5.7.0 go: downloading github.com/sergi/go-diff v1.4.0 go: downloading golang.org/x/text v0.35.0 go: downloading gomodules.xyz/jsonpatch/v2 v2.5.0 go: downloading github.com/google/btree v1.1.3 go: downloading k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31 go: downloading github.com/42wim/httpsig v1.2.3 go: downloading github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e go: downloading github.com/hashicorp/go-version v1.7.0 go: downloading github.com/sirupsen/logrus v1.9.3 go: downloading github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 go: downloading github.com/google/cel-go v0.26.1 go: downloading github.com/fxamacker/cbor/v2 v2.9.0 go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de go: downloading github.com/moby/term v0.5.2 go: downloading github.com/google/gnostic-models v0.7.1 go: downloading sigs.k8s.io/kustomize/api v0.20.1 go: downloading sigs.k8s.io/kustomize/kyaml v0.20.1 go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go: downloading github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee go: downloading golang.org/x/term v0.41.0 go: downloading github.com/pjbgf/sha1cd v0.5.0 go: downloading github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 go: downloading github.com/emirpasic/gods v1.18.1 go: downloading github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 go: downloading github.com/containerd/typeurl/v2 v2.2.2 go: downloading github.com/docker/docker-credential-helpers v0.9.3 go: downloading github.com/klauspost/compress v1.18.2 go: downloading github.com/cyphar/filepath-securejoin v0.3.6 go: downloading github.com/containerd/stargz-snapshotter/estargz v0.18.1 go: downloading github.com/x448/float16 v0.8.4 go: downloading github.com/gorilla/mux v1.8.0 go: downloading gopkg.in/warnings.v0 v0.1.2 go: downloading cel.dev/expr v0.25.1 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d go: downloading github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 go: downloading github.com/skeema/knownhosts v1.3.2 go: downloading github.com/kevinburke/ssh_config v1.4.0 go: downloading github.com/xanzy/ssh-agent v0.3.3 go: downloading github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc go: downloading k8s.io/component-base v0.34.2 go: downloading github.com/MakeNowJust/heredoc v1.0.0 go: downloading github.com/mitchellh/go-wordwrap v1.0.1 go: downloading github.com/russross/blackfriday/v2 v2.1.0 go: downloading github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 go: downloading github.com/containers/ocicrypt v1.1.10 go: downloading github.com/containers/storage v1.51.0 go: downloading contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20230502190836-7399e0f8ee5e go: downloading contrib.go.opencensus.io/exporter/prometheus v0.4.2 go: downloading go.opencensus.io v0.24.0 go: downloading go.uber.org/zap v1.27.1 go: downloading google.golang.org/grpc v1.79.3 go: downloading github.com/emicklei/go-restful/v3 v3.13.0 go: downloading github.com/go-openapi/jsonreference v0.21.5 go: downloading github.com/go-openapi/swag v0.25.5 go: downloading github.com/cloudflare/circl v1.6.3 go: downloading github.com/docker/go-metrics v0.0.1 go: downloading github.com/stoewer/go-strcase v1.3.1 go: downloading github.com/antlr4-go/antlr/v4 v4.13.1 go: downloading github.com/vbatts/tar-split v0.12.2 go: downloading github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 go: downloading github.com/blang/semver/v4 v4.0.0 go: downloading github.com/go-errors/errors v1.5.1 go: downloading github.com/blang/semver v3.5.1+incompatible go: downloading github.com/chai2010/gettext-go v1.0.3 go: downloading github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 go: downloading github.com/prometheus/statsd_exporter v0.28.0 go: downloading github.com/census-instrumentation/opencensus-proto v0.4.1 go: downloading github.com/golang/protobuf v1.5.4 go: downloading google.golang.org/api v0.262.0 go: downloading github.com/klauspost/cpuid/v2 v2.3.0 go: downloading github.com/blendle/zapdriver v1.3.1 go: downloading go.uber.org/multierr v1.11.0 go: downloading github.com/go-openapi/jsonpointer v0.22.5 go: downloading github.com/go-openapi/swag/cmdutils v0.25.5 go: downloading github.com/go-openapi/swag/conv v0.25.5 go: downloading github.com/go-openapi/swag/fileutils v0.25.5 go: downloading github.com/go-openapi/swag/jsonname v0.25.5 go: downloading github.com/go-openapi/swag/jsonutils v0.25.5 go: downloading github.com/go-openapi/swag/loading v0.25.5 go: downloading github.com/go-openapi/swag/mangling v0.25.5 go: downloading github.com/go-openapi/swag/netutils v0.25.5 go: downloading github.com/go-openapi/swag/stringutils v0.25.5 go: downloading github.com/go-openapi/swag/typeutils v0.25.5 go: downloading github.com/go-openapi/swag/yamlutils v0.25.5 go: downloading github.com/BurntSushi/toml v1.4.0 go: downloading github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 go: downloading github.com/xlab/treeprint v1.2.0 go: downloading github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.6 go: downloading github.com/opencontainers/runtime-spec v1.2.0 go: downloading github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 go: downloading github.com/opencontainers/runc v1.1.14 go: downloading github.com/moby/sys/sequential v0.5.0 go: downloading github.com/moby/patternmatcher v0.5.0 go: downloading github.com/containerd/containerd v1.7.25 go: downloading github.com/moby/spdystream v0.5.0 go: downloading github.com/moby/sys/mountinfo v0.7.2 go: downloading github.com/docker/go-connections v0.5.0 go: downloading github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f go: downloading github.com/morikuni/aec v1.0.0 go: downloading github.com/moby/sys/userns v0.1.0 go: downloading github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 Running Suite: Build Service E2E - /workspace/source/test/e2e ============================================================= Random Seed: 1777467910 Will run 147 of 154 specs Running in parallel across 10 processes ------------------------------ • [13.250 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace creates component with context directory go-component [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:106 Timeline >> Image repository for component go-component-tdmksj in namespace build-e2e-fhve do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [13.997 seconds] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created creates first component [build-service, github, pac-build, secret-lookup] /workspace/source/test/e2e/secret_lookup.go:123 ------------------------------ • [20.134 seconds] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created creates second component [build-service, github, pac-build, secret-lookup] /workspace/source/test/e2e/secret_lookup.go:140 Timeline >> Image repository for component component-two-yang in namespace build-e2e-zjqc do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component component-two-yang in namespace build-e2e-zjqc do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [0.065 seconds] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created check first component annotation has errors [build-service, github, pac-build, secret-lookup] /workspace/source/test/e2e/secret_lookup.go:158 Timeline >> build status annotation value: {"pac":{"state":"error","error-id":74,"error-message":"74: Access token is unrecognizable by GitHub"},"message":"done"} << Timeline ------------------------------ • [37.826 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace creates component with nudges [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:235 Timeline >> ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gh-multi-component-parent-wvpz","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}}Image repository for component gh-multi-component-child-wvpz in namespace build-e2e-gixz do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component gh-multi-component-child-wvpz in namespace build-e2e-gixz do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component gh-multi-component-parent-wvpz in namespace build-e2e-gixz do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [41.604 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private correctly targets the default branch (that is not named 'main') with PaC [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:137 Timeline >> Image repository for component gh-test-custom-default-dmgtqk in namespace build-e2e-hnsf do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component gh-test-custom-default-dmgtqk in namespace build-e2e-hnsf do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [0.137 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private workspace parameter is set correctly in PaC repository CR [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:154 ------------------------------ • [50.353 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace creates component with nudges [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:235 Timeline >> ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"fj-multi-component-parent-geul","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}}Image repository for component fj-multi-component-child-geul in namespace build-e2e-xdjh do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-multi-component-child-geul in namespace build-e2e-xdjh do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-multi-component-parent-geul in namespace build-e2e-xdjh do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-multi-component-parent-geul in namespace build-e2e-xdjh do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [58.237 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private correctly targets the default branch (that is not named 'main') with PaC [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:137 Timeline >> Image repository for component fj-test-custom-default-knyvrf in namespace build-e2e-alcd do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-default-knyvrf in namespace build-e2e-alcd do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [0.836 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private workspace parameter is set correctly in PaC repository CR [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:154 ------------------------------ • [20.511 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:176 Timeline >> PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj << Timeline ------------------------------ • [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private build pipeline uses the correct serviceAccount [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:191 ------------------------------ • [0.065 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private component build status is set correctly [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:195 Timeline >> build status annotation value: {"pac":{"state":"enabled","merge-url":"https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-wswgie/pull/1","configuration-time":"Wed, 29 Apr 2026 13:10:05 UTC"},"message":"done"} state: enabled mergeUrl: https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-wswgie/pull/1 errId: 0 errMessage: configurationTime: Wed, 29 Apr 2026 13:10:05 UTC << Timeline ------------------------------ • [1.339 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:225 ------------------------------ • [0.559 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private created image repo is private [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:243 ------------------------------ • [71.912 seconds] [build-service-suite Build service E2E tests] test build annotations when component is created with invalid build request annotations handles invalid request annotation [build-service, github, annotations] /workspace/source/test/e2e/annotations.go:89 Timeline >> Image repository for component test-annotations-zjtnbx in namespace build-e2e-qura do not have right state ('' != 'ready') yet but it has status { { } { } []}. build status annotation value: {"message":"unexpected build request: foo"} << Timeline ------------------------------ • [25.070 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:176 Timeline >> PipelineRun has not been created yet for the component build-e2e-alcd/fj-test-custom-branch-uwtimy << Timeline ------------------------------ • [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private build pipeline uses the correct serviceAccount [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:191 ------------------------------ • [0.340 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private component build status is set correctly [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:195 Timeline >> build status annotation value: {"pac":{"state":"enabled","merge-url":"https://codeberg.org/konflux-qe/devfile-sample-hello-world-cncwsm/pulls/1","configuration-time":"Wed, 29 Apr 2026 13:10:24 UTC"},"message":"done"} state: enabled mergeUrl: https://codeberg.org/konflux-qe/devfile-sample-hello-world-cncwsm/pulls/1 errId: 0 errMessage: configurationTime: Wed, 29 Apr 2026 13:10:24 UTC << Timeline ------------------------------ • [1.446 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:225 ------------------------------ • [0.310 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private created image repo is private [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:243 ------------------------------ • [81.449 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace triggers a PipelineRun for component go-component-tdmksj [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:125 Timeline >> PipelineRun has not been created yet for the component build-e2e-fhve/go-component-tdmksj PipelineRun has not been created yet for the component build-e2e-fhve/go-component-tdmksj PipelineRun has not been created yet for the component build-e2e-fhve/go-component-tdmksj PipelineRun has not been created yet for the component build-e2e-fhve/go-component-tdmksj << Timeline ------------------------------ • [0.408 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace should lead to a PaC PR creation for component go-component-tdmksj [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:140 ------------------------------ • [36.506 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private a related PipelineRun should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:249 ------------------------------ • [0.183 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private PR branch should not exist in the repo [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:264 ------------------------------ • [0.855 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new component without specified branch is created and with visibility private related image repo and the robot account should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, github, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:277 ------------------------------ • [106.127 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace creates component with nudges [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:235 Timeline >> ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gl-multi-component-parent-wgkl","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}}Image repository for component gl-multi-component-child-wgkl in namespace build-e2e-wmpz do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component gl-multi-component-parent-wgkl in namespace build-e2e-wmpz do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [80.720 seconds] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created triggered PipelineRun is for component [build-service, github, pac-build, secret-lookup] /workspace/source/test/e2e/secret_lookup.go:178 Timeline >> PipelineRun has not been created yet for the component build-e2e-zjqc/component-two-yang PipelineRun has not been created yet for the component build-e2e-zjqc/component-two-yang PipelineRun has not been created yet for the component build-e2e-zjqc/component-two-yang PipelineRun has not been created yet for the component build-e2e-zjqc/component-two-yang << Timeline ------------------------------ • [80.623 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace triggers a PipelineRun for parent component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:259 Timeline >> PipelineRun has not been created yet for the component build-e2e-xdjh/fj-multi-component-parent-geul PipelineRun has not been created yet for the component build-e2e-xdjh/fj-multi-component-parent-geul PipelineRun has not been created yet for the component build-e2e-xdjh/fj-multi-component-parent-geul PipelineRun has not been created yet for the component build-e2e-xdjh/fj-multi-component-parent-geul << Timeline ------------------------------ • [48.380 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private a related PipelineRun should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:249 ------------------------------ • [0.164 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private PR branch should not exist in the repo [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:264 ------------------------------ • [134.919 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private correctly targets the default branch (that is not named 'main') with PaC [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:137 Timeline >> Image repository for component gl-test-custom-default-vtvyko in namespace build-e2e-viij do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [0.508 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private workspace parameter is set correctly in PaC repository CR [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:154 ------------------------------ • [1.012 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private related image repo and the robot account should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:277 ------------------------------ • [115.667 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace triggers a PipelineRun for parent component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:259 Timeline >> PipelineRun has not been created yet for the component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun has not been created yet for the component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun has not been created yet for the component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun has not been created yet for the component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun has not been created yet for the component build-e2e-gixz/gh-multi-component-parent-wvpz << Timeline ------------------------------ • [47.962 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:176 Timeline >> PipelineRun has not been created yet for the component build-e2e-viij/gl-test-custom-branch-htpzja << Timeline ------------------------------ • [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private build pipeline uses the correct serviceAccount [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:191 ------------------------------ • [0.069 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private component build status is set correctly [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:195 Timeline >> build status annotation value: {"pac":{"state":"enabled","merge-url":"https://gitlab.com/konflux-qe/devfile-sample-hello-world-eklduq/-/merge_requests/1","configuration-time":"Wed, 29 Apr 2026 13:11:40 UTC"},"message":"done"} state: enabled mergeUrl: https://gitlab.com/konflux-qe/devfile-sample-hello-world-eklduq/-/merge_requests/1 errId: 0 errMessage: configurationTime: Wed, 29 Apr 2026 13:11:40 UTC << Timeline ------------------------------ • [1.061 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:225 ------------------------------ • [0.284 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private created image repo is private [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:243 ------------------------------ • [87.745 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace triggers a PipelineRun for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:259 Timeline >> PipelineRun has not been created yet for the component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun has not been created yet for the component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun has not been created yet for the component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun has not been created yet for the component build-e2e-wmpz/gl-multi-component-parent-wgkl << Timeline ------------------------------ • [104.093 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:327 Timeline >> Image repository for component gh-test-custom-branch-ogpinj in namespace build-e2e-hnsf do not have right state ('' != 'ready') yet but it has status { { } { } []}. PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj << Timeline ------------------------------ • [0.235 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created should lead to a PaC init PR creation [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:342 ------------------------------ • [36.819 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private a related PipelineRun should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:249 ------------------------------ • [0.384 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private PR branch should not exist in the repo [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:264 ------------------------------ • [1.475 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private related image repo and the robot account should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/test/e2e/pac_build.go:277 ------------------------------ • [90.839 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:327 Timeline >> Image repository for component fj-test-custom-branch-uwtimy in namespace build-e2e-alcd do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-branch-uwtimy in namespace build-e2e-alcd do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-branch-uwtimy in namespace build-e2e-alcd do not have right state ('' != 'ready') yet but it has status { { } { } []}. PipelineRun has not been created yet for the component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun has not been created yet for the component build-e2e-alcd/fj-test-custom-branch-uwtimy << Timeline ------------------------------ • [0.735 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created should lead to a PaC init PR creation [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:342 ------------------------------ • [134.202 seconds] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created check only one pipelinerun should be triggered [build-service, github, pac-build, secret-lookup] /workspace/source/test/e2e/secret_lookup.go:193 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created when second component is deleted, pac pr branch should not exist in the repo [build-service, github, pac-build, secret-lookup] /workspace/source/test/e2e/secret_lookup.go:206 ------------------------------ • [52.641 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:327 Timeline >> Image repository for component gl-test-custom-branch-htpzja in namespace build-e2e-viij do not have right state ('' != 'ready') yet but it has status { { } { } []}. PipelineRun has not been created yet for the component build-e2e-viij/gl-test-custom-branch-htpzja << Timeline ------------------------------ • [0.296 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created should lead to a PaC init PR creation [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:342 ------------------------------ • [520.237 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created the PipelineRun should eventually finish successfully [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:360 Timeline >> PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 found for Component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-d26f5 reason: Completed << Timeline ------------------------------ • [2.399 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:365 ------------------------------ • [0.655 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created created image repo is public [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:384 ------------------------------ • [1.129 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created image tag is updated successfully [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:390 Timeline >> Image tag quay.io/redhat-appstudio-qe/build-e2e-hnsf/gh-test-custom-branch-ogpinj:on-pr-554d5f4097312204be94be4fe914d797f0fc3537 successfully found in Quay << Timeline ------------------------------ • [601.097 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for parent component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:274 Timeline >> PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj found for Component build-e2e-xdjh/fj-multi-component-parent-geul PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: ResolvingTaskRef PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Running PipelineRun fj-multi-component-parent-geul-on-pull-request-gphwj reason: Completed << Timeline ------------------------------ • [0.068 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for child component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:285 Timeline >> PipelineRun fj-multi-component-child-geul-on-pull-request-647cf found for Component build-e2e-xdjh/fj-multi-component-child-geul PipelineRun fj-multi-component-child-geul-on-pull-request-647cf reason: Completed << Timeline ------------------------------ • [2.006 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created should ensure pruning labels are set [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:416 ------------------------------ • [0.454 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace should lead to a PaC PR creation for child component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:289 ------------------------------ • [0.525 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when a new Component with specified custom branch is created eventually leads to the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:433 ------------------------------ • [580.375 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for parent component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:274 Timeline >> PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd found for Component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Running PipelineRun gh-multi-component-parent-wvpz-on-pull-request-r88jd reason: Completed << Timeline ------------------------------ • [0.425 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for child component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:285 Timeline >> PipelineRun gh-multi-component-child-wvpz-on-pull-request-t7x94 found for Component build-e2e-gixz/gh-multi-component-child-wvpz PipelineRun gh-multi-component-child-wvpz-on-pull-request-t7x94 reason: Completed << Timeline ------------------------------ • [540.573 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:274 Timeline >> PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n found for Component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Running PipelineRun gl-multi-component-parent-wgkl-on-pull-request-bhs4n reason: Completed << Timeline ------------------------------ • [0.205 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace should lead to a PaC PR creation for child component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:289 ------------------------------ • [0.067 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for child component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:285 Timeline >> PipelineRun gl-multi-component-child-wgkl-on-pull-request-4dvxx found for Component build-e2e-wmpz/gl-multi-component-child-wgkl PipelineRun gl-multi-component-child-wgkl-on-pull-request-4dvxx reason: Completed << Timeline ------------------------------ • [0.276 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace should lead to a PaC PR creation for child component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:289 ------------------------------ • [2.595 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace Merging the PaC PR should be successful for child component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:307 Timeline >> merged result sha: 7994afcf75a5c4ba6aa1e5c48867d666fc6fd9aa for PR #1 << Timeline ------------------------------ • [1.655 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace Merging the PaC PR should be successful for child component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:307 Timeline >> merged result sha: 38cd8055d7505f089d9641053edf2a05432ca855 for PR #1 << Timeline ------------------------------ • [2.238 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace Merging the PaC PR should be successful for child component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:307 Timeline >> merged result sha: bdf4dc2bd8163618e600658fb7814d59fddd3fea for PR #1 << Timeline ------------------------------ • [6.489 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace create dockerfile and yaml manifest that references build and distribution repositories [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:318 ------------------------------ • [0.201 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace should lead to a PaC PR creation for parent component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:358 ------------------------------ • [2.443 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace Merging the PaC PR should be successful for parent component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:375 Timeline >> merged result sha: c9d27b2187204ebe6b990bf695f389fddc86a7a9 for PR #1 << Timeline ------------------------------ • [FAILED] [17.896 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] create dockerfile and yaml manifest that references build and distribution repositories [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:318 [FAILED] Unexpected error: <*fmt.wrapError | 0xc000f606e0>: failed to create pull request: newIssue: NewIssue: "konflux-ci-qe-bot" posted 11 issues in under 30 minutes: rate limited { msg: "failed to create pull request: newIssue: NewIssue: \"konflux-ci-qe-bot\" posted 11 issues in under 30 minutes: rate limited", err: <*errors.errorString | 0xc000796570>{ s: "newIssue: NewIssue: \"konflux-ci-qe-bot\" posted 11 issues in under 30 minutes: rate limited", }, } occurred In [It] at: /workspace/source/test/e2e/renovate.go:337 @ 04/29/26 13:21:46.729 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] should lead to a PaC PR creation for parent component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:358 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:358 @ 04/29/26 13:21:59.475 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] Merging the PaC PR should be successful for parent component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:375 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:375 @ 04/29/26 13:21:59.475 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] PR merge triggers PAC PipelineRun for parent component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:385 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:385 @ 04/29/26 13:21:59.475 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:401 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:401 @ 04/29/26 13:21:59.476 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] should lead to a nudge PR creation for child component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:412 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:412 @ 04/29/26 13:21:59.476 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] merging the PR should be successful for child component [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:429 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:429 @ 04/29/26 13:21:59.476 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] Verify the nudge updated the contents [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:440 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:440 @ 04/29/26 13:21:59.477 ------------------------------ • [21.320 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is updated eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:458 Timeline >> created file sha: 26bfb528795d169cfbddada28279488bf7562136 PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj << Timeline ------------------------------ • [0.227 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is updated should lead to a PaC init PR update [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:473 ------------------------------ • [20.784 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace PR merge triggers PAC PipelineRun for parent component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:385 Timeline >> Push PipelineRun has not been created yet for the component build-e2e-gixz/gh-multi-component-parent-wvpz << Timeline ------------------------------ • [680.283 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace the PipelineRun should eventually finish successfully for component go-component-tdmksj [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:159 Timeline >> PipelineRun go-component-tdmksj-on-pull-request-pgrj9 found for Component build-e2e-fhve/go-component-tdmksj PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: ResolvingTaskRef PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Running PipelineRun go-component-tdmksj-on-pull-request-pgrj9 reason: Completed << Timeline ------------------------------ • [2.575 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace merging the PR should be successful [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:164 Timeline >> merged result sha: 6e6824495b91c55b1e66421aebff74793bba7b9b for PR #32720 << Timeline ------------------------------ • [20.740 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace leads to triggering on push PipelineRun [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:174 Timeline >> Push PipelineRun has not been created yet for the component build-e2e-fhve/go-component-tdmksj << Timeline ------------------------------ • [66.275 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace create dockerfile and yaml manifest that references build and distribution repositories [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:318 ------------------------------ • [0.262 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace should lead to a PaC PR creation for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:358 ------------------------------ • [1.489 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace Merging the PaC PR should be successful for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:375 Timeline >> merged result sha: 0c92f7626caa5c13657a859c7a59bae3689ee0e3 for PR #1 << Timeline ------------------------------ • [10.143 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace creates component with context directory python-component [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:106 Timeline >> Image repository for component python-component-libbop in namespace build-e2e-fhve do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [540.203 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created the PipelineRun should eventually finish successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:360 Timeline >> PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 found for Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 reason: Completed << Timeline ------------------------------ • [1.207 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:365 ------------------------------ • [0.453 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created created image repo is public [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:384 ------------------------------ • [0.578 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created image tag is updated successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:390 Timeline >> Image tag quay.io/redhat-appstudio-qe/build-e2e-viij/gl-test-custom-branch-htpzja:on-pr-e48603e205b9ca571cd4571dc708eb8503c6aabf successfully found in Quay << Timeline ------------------------------ • [0.519 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created should ensure pruning labels are set [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:416 ------------------------------ • [0.621 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created eventually leads to the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:433 ------------------------------ • [20.197 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace PR merge triggers PAC PipelineRun for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:385 Timeline >> Push PipelineRun has not been created yet for the component build-e2e-wmpz/gl-multi-component-parent-wgkl << Timeline ------------------------------ • [20.206 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace triggers a PipelineRun for component python-component-libbop [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:125 Timeline >> PipelineRun has not been created yet for the component build-e2e-fhve/python-component-libbop << Timeline ------------------------------ • [0.333 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace should lead to a PaC PR creation for component python-component-libbop [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:140 ------------------------------ • [21.657 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:458 Timeline >> created file sha: d9d31bde935b40d0fe656589f4c8cd90fdcecc85 PipelineRun has not been created yet for the component build-e2e-viij/gl-test-custom-branch-htpzja << Timeline ------------------------------ • [0.181 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated should lead to a PaC init PR update [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:473 ------------------------------ • [360.192 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is updated PipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:492 Timeline >> PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw found for Component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-pull-request-6d7sw reason: Completed << Timeline ------------------------------ • [0.422 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is updated eventually leads to another update of a PR about the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:497 ------------------------------ • [46.750 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:523 Timeline >> merged result sha: ce919864120368e8797c5a98dca6e997e2b3bc0f PipelineRun has not been created yet for the component build-e2e-hnsf/gh-test-custom-branch-ogpinj << Timeline ------------------------------ • [680.215 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:539 Timeline >> PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj found for Component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: ResolvingTaskRef PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun has not been created yet for the Component build-e2e-hnsf/gh-test-custom-branch-ogpinj PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Running PipelineRun gh-test-custom-branch-ogpinj-on-push-kwrbj reason: Completed << Timeline ------------------------------ • [0.289 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged does not have expiration set [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:545 ------------------------------ • [120.946 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged After updating image visibility to private, it should not trigger another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:560 Timeline >> waiting for one minute and expecting to not trigger a PipelineRun << Timeline ------------------------------ • [0.291 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged image repo is updated to private [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:590 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:595 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:631 ------------------------------ • [21.293 seconds] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the component is removed and recreated (with the same name in the same namespace) should no longer lead to a creation of a PaC PR [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/test/e2e/pac_build.go:701 Timeline >> Found purge PR with id: 3 << Timeline ------------------------------ • [FAILED] [1286.919 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:401 Timeline >> PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk found for Component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-2zrhk reason: Failed attempt 1/3: PipelineRun "gl-multi-component-parent-wgkl-on-push-2zrhk" failed: pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | init container: prepare 2026/04/29 13:14:18 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | container step-init: time="2026-04-29T13:14:20Z" level=info msg="[param] enable: false" time="2026-04-29T13:14:20Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:14:20Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:14:20Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:14:20Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:14:20Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:14:21Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:14:21Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:14:21Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-wgkl-on-push-2zrhk-init-pod | init container: prepare 2026/04/29 13:24:56 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-2zrhk-init-pod | container step-init: time="2026-04-29T13:25:02Z" level=info msg="[param] enable: false" time="2026-04-29T13:25:02Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:25:02Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:25:02Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:25:02Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:25:02Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:25:02Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:25:02Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:25:02Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx found after retrigger for component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx found for Component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun has not been created yet for the Component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: PipelineRunStopping PipelineRun gl-multi-component-parent-wgkl-on-push-tmwnx reason: Failed attempt 2/3: PipelineRun "gl-multi-component-parent-wgkl-on-push-tmwnx" failed: pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | init container: prepare 2026/04/29 13:14:18 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | container step-init: time="2026-04-29T13:14:20Z" level=info msg="[param] enable: false" time="2026-04-29T13:14:20Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:14:20Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:14:20Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:14:20Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:14:20Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:14:21Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:14:21Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:14:21Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-wgkl-on-push-tmwnx-apply-tags-pod | init container: prepare 2026/04/29 13:40:35 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-tmwnx-apply-tags-pod | container step-apply-additional-tags: time="2026-04-29T13:40:57Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl:9f708701ae914afe7e630479eae3504646a9f905" time="2026-04-29T13:40:57Z" level=info msg="[param] digest: sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a" time="2026-04-29T13:40:57Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-04-29T13:40:58Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clair-scan-pod | init container: prepare 2026/04/29 13:40:19 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clair-scan-pod | init container: place-scripts 2026/04/29 13:40:33 Decoded script /tekton/scripts/script-0-6bnw9 2026/04/29 13:40:33 Decoded script /tekton/scripts/script-1-hp5pr 2026/04/29 13:40:33 Decoded script /tekton/scripts/script-2-2mrkr 2026/04/29 13:40:33 Decoded script /tekton/scripts/script-3-v9vnf pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl@sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a. pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-04-29T13:41:29Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"}] 2026-04-29T13:41:29Z INF libvuln initialized component=libvuln/New 2026-04-29T13:41:30Z INF registered configured scanners component=libindex/New 2026-04-29T13:41:30Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-04-29T13:41:30Z INF index request start component=libindex/Libindex.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a 2026-04-29T13:41:30Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a 2026-04-29T13:41:30Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=CheckManifest 2026-04-29T13:41:30Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=FetchLayers 2026-04-29T13:41:31Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=FetchLayers 2026-04-29T13:41:31Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=FetchLayers 2026-04-29T13:41:31Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=ScanLayers 2026-04-29T13:41:32Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=ScanLayers 2026-04-29T13:41:32Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=IndexManifest 2026-04-29T13:41:32Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=IndexFinished 2026-04-29T13:41:32Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a state=IndexFinished 2026-04-29T13:41:32Z INF index request done component=libindex/Libindex.Index manifest=sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a { "manifest_hash": "sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a", "packages": { "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+X1MdmtPTbyDb/wq7joJhA==": { "id": "+X1MdmtPTbyDb/wq7joJhA==", "name": "libtool-ltdl", "version": "2.4.6-46.el9", "kind": "binary", "source": { "id": "", "name": "libtool", "version": "2.4.6-46.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+bwl6UbMaWOBWdHNekJsEw==": { "id": "+bwl6UbMaWOBWdHNekJsEw==", "name": "coreutils-single", "version": "8.32-39.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/O7rOBo1qRMFm3q3Kf3mEw==": { "id": "/O7rOBo1qRMFm3q3Kf3mEw==", "name": "libselinux", "version": "3.6-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.6-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/h/TBQhfoSMCmey5oN87jA==": { "id": "/h/TBQhfoSMCmey5oN87jA==", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ub7EE8Da46T0x7lRdlVJg==": { "id": "/ub7EE8Da46T0x7lRdlVJg==", "name": "libsmartcols", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0T19Aon0dgLleTpQjLWzKw==": { "id": "0T19Aon0dgLleTpQjLWzKw==", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1atoBfoH0mJ0bCpetQ7/0g==": { "id": "1atoBfoH0mJ0bCpetQ7/0g==", "name": "file-libs", "version": "5.39-16.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2gCbp4kt+cF44NF/LqukDg==": { "id": "2gCbp4kt+cF44NF/LqukDg==", "name": "pcre2-syntax", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "5+tHFkkNi+1rUDSrmgYdkw==": { "id": "5+tHFkkNi+1rUDSrmgYdkw==", "name": "p11-kit-trust", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5fhQlRzIg/IB8EVM2pFIZA==": { "id": "5fhQlRzIg/IB8EVM2pFIZA==", "name": "audit-libs", "version": "3.1.5-4.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.5-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6WyRl8U3PR6ipKlxqlBzFA==": { "id": "6WyRl8U3PR6ipKlxqlBzFA==", "name": "ncurses-base", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "7cpIREEQnkaI7dbmWgmrvg==": { "id": "7cpIREEQnkaI7dbmWgmrvg==", "name": "gdbm-libs", "version": "1:1.23-1.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.23-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7mDaaxs3ev+uNEDYC97U3Q==": { "id": "7mDaaxs3ev+uNEDYC97U3Q==", "name": "zlib", "version": "1.2.11-40.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-40.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7ra56f21gLrcSpBD8a9+NQ==": { "id": "7ra56f21gLrcSpBD8a9+NQ==", "name": "libmount", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7vssDPaHKfFKMLimKBo7Gw==": { "id": "7vssDPaHKfFKMLimKBo7Gw==", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8uME+PFu6p/OAD7q+ZTVLw==": { "id": "8uME+PFu6p/OAD7q+ZTVLw==", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9olIUlLHZMdoUMju+8diyQ==": { "id": "9olIUlLHZMdoUMju+8diyQ==", "name": "filesystem", "version": "3.16-5.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BRLVvSCW1qZQlEQR2x48fQ==": { "id": "BRLVvSCW1qZQlEQR2x48fQ==", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CpfomSYboaXPZ9yn9NgGgw==": { "id": "CpfomSYboaXPZ9yn9NgGgw==", "name": "krb5-libs", "version": "1.21.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.21.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FZ9gWulzkx76xjTSH/yM/g==": { "id": "FZ9gWulzkx76xjTSH/yM/g==", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FrUQI+koTfbikRk1jsFd0w==": { "id": "FrUQI+koTfbikRk1jsFd0w==", "name": "libstdc++", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HQdWvmyUSqtI3UTY0T4JiQ==": { "id": "HQdWvmyUSqtI3UTY0T4JiQ==", "name": "pcre", "version": "8.44-4.el9", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IZ65O3ZOapykHwhaOX1/YA==": { "id": "IZ65O3ZOapykHwhaOX1/YA==", "name": "libnghttp2", "version": "1.43.0-6.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KXUGN6voGlWUMRN5TCFy4w==": { "id": "KXUGN6voGlWUMRN5TCFy4w==", "name": "systemd-libs", "version": "252-51.el9_6.2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-51.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M9YTWinowLqOqX/+8mbhjg==": { "id": "M9YTWinowLqOqX/+8mbhjg==", "name": "sqlite-libs", "version": "3.34.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O1acB+rpl9OLkk9I6phF7Q==": { "id": "O1acB+rpl9OLkk9I6phF7Q==", "name": "shadow-utils", "version": "2:4.9-12.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OCIjbR16ktOEiFK36r0WNw==": { "id": "OCIjbR16ktOEiFK36r0WNw==", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OaFmq38HlbKLTTEM/qATzg==": { "id": "OaFmq38HlbKLTTEM/qATzg==", "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ohssf0Jzlafd9vtrrUKCXg==": { "id": "Ohssf0Jzlafd9vtrrUKCXg==", "name": "bash", "version": "5.1.8-9.el9", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Om9zCJ/QZ+hnrEvj6fGw==": { "id": "P5Om9zCJ/QZ+hnrEvj6fGw==", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PIk2BBAWexCFofMi5q03RA==": { "id": "PIk2BBAWexCFofMi5q03RA==", "name": "pcre2", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PZXvGa4khHd2n6o73hJ/Pg==": { "id": "PZXvGa4khHd2n6o73hJ/Pg==", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RXh3fimX8fGZeCt4chJEiA==": { "id": "RXh3fimX8fGZeCt4chJEiA==", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S8p9UGak1oycptcpYp/1eg==": { "id": "S8p9UGak1oycptcpYp/1eg==", "name": "openldap", "version": "2.6.8-4.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.8-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SjQtW3gQmgt+Qj8JlnY4Mg==": { "id": "SjQtW3gQmgt+Qj8JlnY4Mg==", "name": "libblkid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Su8bfW9ijc0V5CiAum2V1g==": { "id": "Su8bfW9ijc0V5CiAum2V1g==", "name": "bzip2-libs", "version": "1.0.8-10.el9_5", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-10.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VX9V+Y680L2xf2tBREdpCw==": { "id": "VX9V+Y680L2xf2tBREdpCw==", "name": "gmp", "version": "1:6.2.0-13.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WtG8AvirpmNJ8wVE+fxfGQ==": { "id": "WtG8AvirpmNJ8wVE+fxfGQ==", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XG5+bW8np2NedSy/od6z8Q==": { "id": "XG5+bW8np2NedSy/od6z8Q==", "name": "libacl", "version": "2.3.1-4.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XJlS+gwEt7T+nNr/Bflqzg==": { "id": "XJlS+gwEt7T+nNr/Bflqzg==", "name": "glibc-minimal-langpack", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XMkvB1ljVS0bNTUu2UEs3g==": { "id": "XMkvB1ljVS0bNTUu2UEs3g==", "name": "libgcc", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZabCZVOpeuHGnRiGdzqBig==": { "id": "ZabCZVOpeuHGnRiGdzqBig==", "name": "openssl-fips-provider-so", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arLt5War9yeQ8auYn/Idmw==": { "id": "arLt5War9yeQ8auYn/Idmw==", "name": "nettle", "version": "3.10.1-1.el9", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.10.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ayTA+mXRKgSCRl5LaqP4/w==": { "id": "ayTA+mXRKgSCRl5LaqP4/w==", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bemGVBhbDe9iV1Kjvd9hAA==": { "id": "bemGVBhbDe9iV1Kjvd9hAA==", "name": "libffi", "version": "3.4.2-8.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bgzKs6bbeWeXxcqE+n7Jog==": { "id": "bgzKs6bbeWeXxcqE+n7Jog==", "name": "libsepol", "version": "3.6-2.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.6-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "de44cUqF23LvU0fOSvNRjA==": { "id": "de44cUqF23LvU0fOSvNRjA==", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eK3V3oi6vbIfOQRAcWBYDw==": { "id": "eK3V3oi6vbIfOQRAcWBYDw==", "name": "glibc-common", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eRa7MZyiHBvsv7GPhkGKdg==": { "id": "eRa7MZyiHBvsv7GPhkGKdg==", "name": "lua-libs", "version": "5.4.4-4.el9", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eaygsCP+5IpdIryvw94Tcw==": { "id": "eaygsCP+5IpdIryvw94Tcw==", "name": "rootfiles", "version": "8.1-34.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-34.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f8lJd/yoDqE6O0RUQGqkpQ==": { "id": "f8lJd/yoDqE6O0RUQGqkpQ==", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsKPriszRNKAqMnHK+dXgw==": { "id": "gsKPriszRNKAqMnHK+dXgw==", "name": "libksba", "version": "1.5.1-7.el9", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTD/lpKAM3AZEWh+zVx2tg==": { "id": "iTD/lpKAM3AZEWh+zVx2tg==", "name": "librepo", "version": "1.14.5-2.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iVtx1BX52G3zRfk+g/oWIg==": { "id": "iVtx1BX52G3zRfk+g/oWIg==", "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.2.2-6.el9_5.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iaJm7Mdk9UadnBII0ZwMeA==": { "id": "iaJm7Mdk9UadnBII0ZwMeA==", "name": "dnf-data", "version": "4.14.0-25.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "izPQpATHYfezyT+kcua/tQ==": { "id": "izPQpATHYfezyT+kcua/tQ==", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jAjaNW7NMGiv7HfByDu4RQ==": { "id": "jAjaNW7NMGiv7HfByDu4RQ==", "name": "alternatives", "version": "1.24-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.24-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kAEPeyZOK/FwFoG6mOFUbQ==": { "id": "kAEPeyZOK/FwFoG6mOFUbQ==", "name": "libcap", "version": "2.48-9.el9_2", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-9.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kFxhSjWy84mTZBM4XiZaeQ==": { "id": "kFxhSjWy84mTZBM4XiZaeQ==", "name": "setup", "version": "2.13.7-10.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kgbITSeRtKiT7enG8buGXw==": { "id": "kgbITSeRtKiT7enG8buGXw==", "name": "libcom_err", "version": "1.46.5-7.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kp6BaioAZ30jbVeZkkzokA==": { "id": "kp6BaioAZ30jbVeZkkzokA==", "name": "libzstd", "version": "1.5.5-1.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kvpHJLhsWpgEBJjx168pDg==": { "id": "kvpHJLhsWpgEBJjx168pDg==", "name": "tzdata", "version": "2025b-1.el9", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025b-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lI6hCbIwETVhCFhL4BxyiQ==": { "id": "lI6hCbIwETVhCFhL4BxyiQ==", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lad8JH31WlI0MsNEYhUWlA==": { "id": "lad8JH31WlI0MsNEYhUWlA==", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mDM1q1sl0PqUWEn54kTSRw==": { "id": "mDM1q1sl0PqUWEn54kTSRw==", "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzQEyt4JfkGeZIIHPiBhog==": { "id": "nzQEyt4JfkGeZIIHPiBhog==", "name": "libuuid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzlusFbkan5h1d1Ks+BKBQ==": { "id": "nzlusFbkan5h1d1Ks+BKBQ==", "name": "ncurses-libs", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pYM7mYzFYUjRrK74RyhfOw==": { "id": "pYM7mYzFYUjRrK74RyhfOw==", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rCLp3m64Catai9VuHvh3Lw==": { "id": "rCLp3m64Catai9VuHvh3Lw==", "name": "keyutils-libs", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "v3i4ez5juML2ZWwR+6dFFg==": { "id": "v3i4ez5juML2ZWwR+6dFFg==", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wCA3gMNtInqX1xg18QcnQg==": { "id": "wCA3gMNtInqX1xg18QcnQg==", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wfJGCqOH8d+IYg/dAepx1A==": { "id": "wfJGCqOH8d+IYg/dAepx1A==", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xSopjH0yPtbnx33MBmtmuA==": { "id": "xSopjH0yPtbnx33MBmtmuA==", "name": "rpm-libs", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xhMgwxa+ubXlCA6s9XfRgw==": { "id": "xhMgwxa+ubXlCA6s9XfRgw==", "name": "cyrus-sasl-lib", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yEp9fQVFIQAEDPCwC3GLmA==": { "id": "yEp9fQVFIQAEDPCwC3GLmA==", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zPvTALB8qlNtHa1j2iT5Zg==": { "id": "zPvTALB8qlNtHa1j2iT5Zg==", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7": { "id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "08c16e76-3c78-45fb-88ad-bde5cde6273e": { "id": "08c16e76-3c78-45fb-88ad-bde5cde6273e", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "caac3a0d-ea12-420a-91f4-42b87d0f4c74": { "id": "caac3a0d-ea12-420a-91f4-42b87d0f4c74", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" } }, "environments": { "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "+X1MdmtPTbyDb/wq7joJhA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "+bwl6UbMaWOBWdHNekJsEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/O7rOBo1qRMFm3q3Kf3mEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/h/TBQhfoSMCmey5oN87jA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/ub7EE8Da46T0x7lRdlVJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "0T19Aon0dgLleTpQjLWzKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "1atoBfoH0mJ0bCpetQ7/0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "2gCbp4kt+cF44NF/LqukDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "5+tHFkkNi+1rUDSrmgYdkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "5fhQlRzIg/IB8EVM2pFIZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "6WyRl8U3PR6ipKlxqlBzFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7cpIREEQnkaI7dbmWgmrvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7mDaaxs3ev+uNEDYC97U3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7ra56f21gLrcSpBD8a9+NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7vssDPaHKfFKMLimKBo7Gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "8uME+PFu6p/OAD7q+ZTVLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "9olIUlLHZMdoUMju+8diyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "BRLVvSCW1qZQlEQR2x48fQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "CpfomSYboaXPZ9yn9NgGgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "FZ9gWulzkx76xjTSH/yM/g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "FrUQI+koTfbikRk1jsFd0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "HQdWvmyUSqtI3UTY0T4JiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "IZ65O3ZOapykHwhaOX1/YA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "KXUGN6voGlWUMRN5TCFy4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "M9YTWinowLqOqX/+8mbhjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "O1acB+rpl9OLkk9I6phF7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "OCIjbR16ktOEiFK36r0WNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "OaFmq38HlbKLTTEM/qATzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "Ohssf0Jzlafd9vtrrUKCXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "PIk2BBAWexCFofMi5q03RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "PZXvGa4khHd2n6o73hJ/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "RXh3fimX8fGZeCt4chJEiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "S8p9UGak1oycptcpYp/1eg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "Su8bfW9ijc0V5CiAum2V1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "VX9V+Y680L2xf2tBREdpCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XG5+bW8np2NedSy/od6z8Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XJlS+gwEt7T+nNr/Bflqzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XMkvB1ljVS0bNTUu2UEs3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "ZabCZVOpeuHGnRiGdzqBig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "arLt5War9yeQ8auYn/Idmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "ayTA+mXRKgSCRl5LaqP4/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "bemGVBhbDe9iV1Kjvd9hAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "bgzKs6bbeWeXxcqE+n7Jog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "de44cUqF23LvU0fOSvNRjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "eK3V3oi6vbIfOQRAcWBYDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "eRa7MZyiHBvsv7GPhkGKdg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "eaygsCP+5IpdIryvw94Tcw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "f8lJd/yoDqE6O0RUQGqkpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "gsKPriszRNKAqMnHK+dXgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "iTD/lpKAM3AZEWh+zVx2tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "iVtx1BX52G3zRfk+g/oWIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "iaJm7Mdk9UadnBII0ZwMeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "izPQpATHYfezyT+kcua/tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "jAjaNW7NMGiv7HfByDu4RQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kFxhSjWy84mTZBM4XiZaeQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kgbITSeRtKiT7enG8buGXw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kp6BaioAZ30jbVeZkkzokA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kvpHJLhsWpgEBJjx168pDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "lI6hCbIwETVhCFhL4BxyiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "lad8JH31WlI0MsNEYhUWlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "mDM1q1sl0PqUWEn54kTSRw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "nzQEyt4JfkGeZIIHPiBhog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "nzlusFbkan5h1d1Ks+BKBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "pYM7mYzFYUjRrK74RyhfOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "rCLp3m64Catai9VuHvh3Lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "v3i4ez5juML2ZWwR+6dFFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "wCA3gMNtInqX1xg18QcnQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "wfJGCqOH8d+IYg/dAepx1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "xSopjH0yPtbnx33MBmtmuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "xhMgwxa+ubXlCA6s9XfRgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "yEp9fQVFIQAEDPCwC3GLmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "zPvTALB8qlNtHa1j2iT5Zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "eaed9fa4-b2ca-4366-b32d-a83bd207ddc7", "repository_ids": [ "08c16e76-3c78-45fb-88ad-bde5cde6273e", "caac3a0d-ea12-420a-91f4-42b87d0f4c74" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+U7CyAHaY71mhNm2Xnq2uw==": { "id": "+U7CyAHaY71mhNm2Xnq2uw==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+UOyQgpOAnrWS+mVMK5k1Q==": { "id": "+UOyQgpOAnrWS+mVMK5k1Q==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "/A7M1zrsMND1dKjg2gEuyg==": { "id": "/A7M1zrsMND1dKjg2gEuyg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/jvSCV2RwJ6c/Llx9z8uvA==": { "id": "/jvSCV2RwJ6c/Llx9z8uvA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "0E1VjQWdmolR9lr9ElIZZQ==": { "id": "0E1VjQWdmolR9lr9ElIZZQ==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1/8/Mjb4nleg0SsOivHAww==": { "id": "1/8/Mjb4nleg0SsOivHAww==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "1hhG+RKT0fsxlS/Wf/LWEA==": { "id": "1hhG+RKT0fsxlS/Wf/LWEA==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "1npmxgSnoYj2MyAhQMaE7g==": { "id": "1npmxgSnoYj2MyAhQMaE7g==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3UNcgW64Eji4iyY2ZDB1cg==": { "id": "3UNcgW64Eji4iyY2ZDB1cg==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3bb0a18NQSPWO0aeq9twVw==": { "id": "3bb0a18NQSPWO0aeq9twVw==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "429KD7e1Cl6AyUZNBGOTQw==": { "id": "429KD7e1Cl6AyUZNBGOTQw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "4u3exWl+MPcCOYOgbQLM+A==": { "id": "4u3exWl+MPcCOYOgbQLM+A==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "59oEBlU3jh6EL6gtZDUaug==": { "id": "59oEBlU3jh6EL6gtZDUaug==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5BksN0izCeDRrtFMsNCyvg==": { "id": "5BksN0izCeDRrtFMsNCyvg==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5amguv6OT1njd8r+RXMCQQ==": { "id": "5amguv6OT1njd8r+RXMCQQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6rEIsdyQtCC456AuGwgsDQ==": { "id": "6rEIsdyQtCC456AuGwgsDQ==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76mWuVYhbmIFsc4DNorK9A==": { "id": "76mWuVYhbmIFsc4DNorK9A==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76z9Mpn8Jp7lhZSPsHTHug==": { "id": "76z9Mpn8Jp7lhZSPsHTHug==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "78ARTcr/iVbEbtXWNEyadA==": { "id": "78ARTcr/iVbEbtXWNEyadA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7aI+wyLEqkIPj2Wh4f1UKg==": { "id": "7aI+wyLEqkIPj2Wh4f1UKg==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7eKrcl3YwGJqhWmZNbH7Eg==": { "id": "7eKrcl3YwGJqhWmZNbH7Eg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "8MfvwX+dRI6Qt2H+x71rZg==": { "id": "8MfvwX+dRI6Qt2H+x71rZg==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZCpE1M7eqNdy615aO2gLQ==": { "id": "8ZCpE1M7eqNdy615aO2gLQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9bjl4H6CMWLL3h1g5y6i9Q==": { "id": "9bjl4H6CMWLL3h1g5y6i9Q==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9iigvnuYDaC8UzcOIDLjIQ==": { "id": "9iigvnuYDaC8UzcOIDLjIQ==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Argl342WI7oZtgSo+p9kMA==": { "id": "Argl342WI7oZtgSo+p9kMA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BheYJlsY7UG2Ru8eF1IU4g==": { "id": "BheYJlsY7UG2Ru8eF1IU4g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "D7U85Qc3CYAscEzhSfT76A==": { "id": "D7U85Qc3CYAscEzhSfT76A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DTApvRZh1HJD5XbbpU3ahw==": { "id": "DTApvRZh1HJD5XbbpU3ahw==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DrIVK8+yvV91OzF2CS9o5A==": { "id": "DrIVK8+yvV91OzF2CS9o5A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Eh3WlvVSpgyvj1kaA5So7g==": { "id": "Eh3WlvVSpgyvj1kaA5So7g==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Ez8lHT2uV9Tf9vJC/T4WXg==": { "id": "Ez8lHT2uV9Tf9vJC/T4WXg==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F4WBuBnk4OQIl1a5Q4CVPg==": { "id": "F4WBuBnk4OQIl1a5Q4CVPg==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FLpBF1y0CvCfFuXOmlaRZw==": { "id": "FLpBF1y0CvCfFuXOmlaRZw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "FQwXyPZ+oHyxQZ9RBQXbpw==": { "id": "FQwXyPZ+oHyxQZ9RBQXbpw==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GWKQvGJTKzyU9GiQECoFhg==": { "id": "GWKQvGJTKzyU9GiQECoFhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ie7rkr8oApZOM9PK2gFB6A==": { "id": "Ie7rkr8oApZOM9PK2gFB6A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IrRjtVOpf04EO7iAKFAznQ==": { "id": "IrRjtVOpf04EO7iAKFAznQ==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "Iy2V+5RC7ENxxmnS9KdBOw==": { "id": "Iy2V+5RC7ENxxmnS9KdBOw==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "JK4fCJz1Ja5lmfE/vF5PcQ==": { "id": "JK4fCJz1Ja5lmfE/vF5PcQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JqWXvYyB4T300h7KRcWtFA==": { "id": "JqWXvYyB4T300h7KRcWtFA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Jrkns8qeStFRPhcitcuZ4w==": { "id": "Jrkns8qeStFRPhcitcuZ4w==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KCgZ2MK707GRfjAO2Q3SOA==": { "id": "KCgZ2MK707GRfjAO2Q3SOA==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KMGV9rbVZ/vVUNSX6f+JqA==": { "id": "KMGV9rbVZ/vVUNSX6f+JqA==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L1pkWyFlg006sdV2pKTg4A==": { "id": "L1pkWyFlg006sdV2pKTg4A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-fips-provider", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LeWRqc+lggRL8KnG53e6CA==": { "id": "LeWRqc+lggRL8KnG53e6CA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "Lhc4n2a9ma6eRDB/RCRmLQ==": { "id": "Lhc4n2a9ma6eRDB/RCRmLQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "LuirMfnv2JkWFEU8MUuKUQ==": { "id": "LuirMfnv2JkWFEU8MUuKUQ==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LxYgcRll4fEnbCHHZWt4BA==": { "id": "LxYgcRll4fEnbCHHZWt4BA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "M293c+QguJ/aaYP3cMwfyQ==": { "id": "M293c+QguJ/aaYP3cMwfyQ==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MT27FBW6q+x91HBvTyGVKQ==": { "id": "MT27FBW6q+x91HBvTyGVKQ==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "N7otM4CJgwQwy0Mz0UA3Vw==": { "id": "N7otM4CJgwQwy0Mz0UA3Vw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "NrTzMmbWyM5UeSvnQVNLOg==": { "id": "NrTzMmbWyM5UeSvnQVNLOg==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OB9n4NdBrq+3wlcM9+90Dg==": { "id": "OB9n4NdBrq+3wlcM9+90Dg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "PUCpgzV2LGcCb5yPJbawGw==": { "id": "PUCpgzV2LGcCb5yPJbawGw==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "PrCrIesi0sSvMQjPpvxecw==": { "id": "PrCrIesi0sSvMQjPpvxecw==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q6o565VsHFcmyuOW6jCOGw==": { "id": "Q6o565VsHFcmyuOW6jCOGw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "QSP4YGVknCXnnhDrDAxftg==": { "id": "QSP4YGVknCXnnhDrDAxftg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Qbjoqw6Ot3cGOKNyQYBo4g==": { "id": "Qbjoqw6Ot3cGOKNyQYBo4g==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QskDoDnTSvrQeDXklM4YOw==": { "id": "QskDoDnTSvrQeDXklM4YOw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RHShqbO2hqcBNPYbKDg/3A==": { "id": "RHShqbO2hqcBNPYbKDg/3A==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SYSyRuW2vXdWcXLSfRP1aQ==": { "id": "SYSyRuW2vXdWcXLSfRP1aQ==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "T+jfDhqJcXwVQ38oWEz/6g==": { "id": "T+jfDhqJcXwVQ38oWEz/6g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TccjTp2Y8sTyWrjrm24IKA==": { "id": "TccjTp2Y8sTyWrjrm24IKA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TwoNniaY2Urt7TF64epJXg==": { "id": "TwoNniaY2Urt7TF64epJXg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYGbkY0i6P3tRJd9mM1wNg==": { "id": "VYGbkY0i6P3tRJd9mM1wNg==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VzbOWZs6Sa8zFH+GQEnasQ==": { "id": "VzbOWZs6Sa8zFH+GQEnasQ==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WP0Zjo/ORuC7+jbSIrru8A==": { "id": "WP0Zjo/ORuC7+jbSIrru8A==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WVv0x6iWhzRgZZTPZ190Ng==": { "id": "WVv0x6iWhzRgZZTPZ190Ng==", "updater": "rhel-vex", "name": "CVE-2026-28386", "description": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28386 https://bugzilla.redhat.com/show_bug.cgi?id=2451099 https://www.cve.org/CVERecord?id=CVE-2026-28386 https://nvd.nist.gov/vuln/detail/CVE-2026-28386 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28386.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "X7DmUVoCri5i6vdYVBBgXg==": { "id": "X7DmUVoCri5i6vdYVBBgXg==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XdzUGUJMTsfPfs79OXKU4Q==": { "id": "XdzUGUJMTsfPfs79OXKU4Q==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "YIlv6HIDfGqvZL/MDTWWpg==": { "id": "YIlv6HIDfGqvZL/MDTWWpg==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YX2rGofSXHBcNhTOGpNkAA==": { "id": "YX2rGofSXHBcNhTOGpNkAA==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "YtNpM5pykErH+UBXZABWdg==": { "id": "YtNpM5pykErH+UBXZABWdg==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aOUfuyvyyWEe7Z1IZT+fGw==": { "id": "aOUfuyvyyWEe7Z1IZT+fGw==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bOC69k4Gpn8Av1w/ra2Tdw==": { "id": "bOC69k4Gpn8Av1w/ra2Tdw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bgJs7DKkcMwNTsh9yTDgQg==": { "id": "bgJs7DKkcMwNTsh9yTDgQg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bjyLMZdYnkrpUxDySiQ34Q==": { "id": "bjyLMZdYnkrpUxDySiQ34Q==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bugTfOdgCaATW4vTnuXTSQ==": { "id": "bugTfOdgCaATW4vTnuXTSQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d/522T+B/ARMNSG+3QfAWA==": { "id": "d/522T+B/ARMNSG+3QfAWA==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e/EuZlSZUQTHCSl8kHuFag==": { "id": "e/EuZlSZUQTHCSl8kHuFag==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "e0/Fzu8wfMZp9zX32i9rMQ==": { "id": "e0/Fzu8wfMZp9zX32i9rMQ==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eUh0vSDVmqXTnsB7jL0b4g==": { "id": "eUh0vSDVmqXTnsB7jL0b4g==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "f6oGdnhZomBa/bs3snB3kA==": { "id": "f6oGdnhZomBa/bs3snB3kA==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "fFM0zIKtKuexRqlZMkzQpg==": { "id": "fFM0zIKtKuexRqlZMkzQpg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "g6ZHihkpvpkr3oZoVOs05w==": { "id": "g6ZHihkpvpkr3oZoVOs05w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "hHDtCxiuvJ9VSCSwnEG0Fw==": { "id": "hHDtCxiuvJ9VSCSwnEG0Fw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-6.el9_7.1", "arch_op": "pattern match" }, "iF/o4aDbQf1DAw7R+LiVQw==": { "id": "iF/o4aDbQf1DAw7R+LiVQw==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ija3h8P09PxwjEuLSUS2HA==": { "id": "ija3h8P09PxwjEuLSUS2HA==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixD2h349uZz3eCy55KxIlw==": { "id": "ixD2h349uZz3eCy55KxIlw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j/vFtwZCr4ow5q2VPKgR9g==": { "id": "j/vFtwZCr4ow5q2VPKgR9g==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klH60uFrR0WkawaSlcOEKg==": { "id": "klH60uFrR0WkawaSlcOEKg==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l1pK1ezh6e0g8I+Dp2iK7w==": { "id": "l1pK1ezh6e0g8I+Dp2iK7w==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "l6IrI73Pg+lrisEtcgX+0Q==": { "id": "l6IrI73Pg+lrisEtcgX+0Q==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lQBARBTddFvexevUD04GZA==": { "id": "lQBARBTddFvexevUD04GZA==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lppk3oI+Rm/KVCEYBGVKcg==": { "id": "lppk3oI+Rm/KVCEYBGVKcg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mJw+LvAbCoVMIOZXCXNFpg==": { "id": "mJw+LvAbCoVMIOZXCXNFpg==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mYgwcPpa/l0bTZdysqbplg==": { "id": "mYgwcPpa/l0bTZdysqbplg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "mZCCwO//htsOIXazj/SeOw==": { "id": "mZCCwO//htsOIXazj/SeOw==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ncqqUTuMttuUZ8SF9/Ywrg==": { "id": "ncqqUTuMttuUZ8SF9/Ywrg==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFIYjZJeFnLAVC7lR0n6oQ==": { "id": "qFIYjZJeFnLAVC7lR0n6oQ==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rz/CPeG1fPitayrSa0BFxQ==": { "id": "rz/CPeG1fPitayrSa0BFxQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "sJNoOKrtqJYf9M2tWcTlqg==": { "id": "sJNoOKrtqJYf9M2tWcTlqg==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "smB1yCGhBb8gDhPAER7odg==": { "id": "smB1yCGhBb8gDhPAER7odg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "svCt47J2Zwa45xj8gn3U/w==": { "id": "svCt47J2Zwa45xj8gn3U/w==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sykv+pGN4TXggZNIwL/H4g==": { "id": "sykv+pGN4TXggZNIwL/H4g==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u0cs09LPRVEEfen4PHM6gA==": { "id": "u0cs09LPRVEEfen4PHM6gA==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u90uEyQ6vxfKeIQvjGNTHQ==": { "id": "u90uEyQ6vxfKeIQvjGNTHQ==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "uWz4SaM79VpO4EPAy+0C8g==": { "id": "uWz4SaM79VpO4EPAy+0C8g==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uaetuJImncB6wudykQLpEA==": { "id": "uaetuJImncB6wudykQLpEA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uu3d3lIlYVCZwOjqoNec3g==": { "id": "uu3d3lIlYVCZwOjqoNec3g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "vQmd/px1n2vUjUceHOjVLA==": { "id": "vQmd/px1n2vUjUceHOjVLA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vtpIIEEoAREfzDi0+K26Fg==": { "id": "vtpIIEEoAREfzDi0+K26Fg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y/3qWQj3xOUQpm2CUr+ftg==": { "id": "y/3qWQj3xOUQpm2CUr+ftg==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "y7I268PAr74OoToX85XE8w==": { "id": "y7I268PAr74OoToX85XE8w==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "yUucg71orzE08FiDgaKBPQ==": { "id": "yUucg71orzE08FiDgaKBPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "ymKqobod4xPivmLT/iq9oQ==": { "id": "ymKqobod4xPivmLT/iq9oQ==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yzZzF1vLZmeTiLJMgY7W0Q==": { "id": "yzZzF1vLZmeTiLJMgY7W0Q==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "z/beWyrkyrQJfgGCkMIsWg==": { "id": "z/beWyrkyrQJfgGCkMIsWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "zmNQpHydwXFAJmLcFFYiyQ==": { "id": "zmNQpHydwXFAJmLcFFYiyQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "znnZtQrOfSxqGV/OZKzI5g==": { "id": "znnZtQrOfSxqGV/OZKzI5g==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "zqGJegkbTlVqcHBa6HtRTQ==": { "id": "zqGJegkbTlVqcHBa6HtRTQ==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+bwl6UbMaWOBWdHNekJsEw==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "/L1kFEoHZTukrNTCQLypFQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "/ub7EE8Da46T0x7lRdlVJg==": [ "T+jfDhqJcXwVQ38oWEz/6g==", "e0/Fzu8wfMZp9zX32i9rMQ==", "z/beWyrkyrQJfgGCkMIsWg==" ], "2gCbp4kt+cF44NF/LqukDg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "6WyRl8U3PR6ipKlxqlBzFA==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "7mDaaxs3ev+uNEDYC97U3Q==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "7ra56f21gLrcSpBD8a9+NQ==": [ "TccjTp2Y8sTyWrjrm24IKA==", "e0/Fzu8wfMZp9zX32i9rMQ==", "BheYJlsY7UG2Ru8eF1IU4g==" ], "CpfomSYboaXPZ9yn9NgGgw==": [ "7aI+wyLEqkIPj2Wh4f1UKg==", "lppk3oI+Rm/KVCEYBGVKcg==" ], "FZ9gWulzkx76xjTSH/yM/g==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "FrUQI+koTfbikRk1jsFd0w==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "IZ65O3ZOapykHwhaOX1/YA==": [ "hHDtCxiuvJ9VSCSwnEG0Fw==" ], "KXUGN6voGlWUMRN5TCFy4w==": [ "DrIVK8+yvV91OzF2CS9o5A==", "QskDoDnTSvrQeDXklM4YOw==", "vQmd/px1n2vUjUceHOjVLA==", "QSP4YGVknCXnnhDrDAxftg==" ], "M9YTWinowLqOqX/+8mbhjg==": [ "g6ZHihkpvpkr3oZoVOs05w==", "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==", "LeWRqc+lggRL8KnG53e6CA==" ], "O1acB+rpl9OLkk9I6phF7Q==": [ "WxO9le6q4ACTs4KnSuckDw==" ], "OCIjbR16ktOEiFK36r0WNw==": [ "LuirMfnv2JkWFEU8MUuKUQ==" ], "OaFmq38HlbKLTTEM/qATzg==": [ "l1pK1ezh6e0g8I+Dp2iK7w==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==", "rz/CPeG1fPitayrSa0BFxQ==" ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ "ymKqobod4xPivmLT/iq9oQ==" ], "PIk2BBAWexCFofMi5q03RA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "S8p9UGak1oycptcpYp/1eg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ "uu3d3lIlYVCZwOjqoNec3g==", "e0/Fzu8wfMZp9zX32i9rMQ==", "bgJs7DKkcMwNTsh9yTDgQg==" ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ "AwYRRq6SmgfJLn2NZxQUdw==", "qFIYjZJeFnLAVC7lR0n6oQ==", "RHShqbO2hqcBNPYbKDg/3A==", "8kndQj/aRn+NNJdGVP9v4g==", "DTApvRZh1HJD5XbbpU3ahw==", "jiVVTQmOtKqVixv7agF/Hg==", "u0cs09LPRVEEfen4PHM6gA==", "F4WBuBnk4OQIl1a5Q4CVPg==", "8ZCpE1M7eqNdy615aO2gLQ==", "mYgwcPpa/l0bTZdysqbplg==", "FLpBF1y0CvCfFuXOmlaRZw==" ], "XJlS+gwEt7T+nNr/Bflqzg==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "XMkvB1ljVS0bNTUu2UEs3g==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "ZabCZVOpeuHGnRiGdzqBig==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "ayTA+mXRKgSCRl5LaqP4/w==": [ "klH60uFrR0WkawaSlcOEKg==", "VYGbkY0i6P3tRJd9mM1wNg==", "PrCrIesi0sSvMQjPpvxecw==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "e0VfCD1REapdkagkByCnXQ==", "svCt47J2Zwa45xj8gn3U/w==", "ixc06f0H9vqMfsbwQSwwvA==", "yzZzF1vLZmeTiLJMgY7W0Q==", "NrTzMmbWyM5UeSvnQVNLOg==", "Eh3WlvVSpgyvj1kaA5So7g==", "JqWXvYyB4T300h7KRcWtFA==" ], "eK3V3oi6vbIfOQRAcWBYDw==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "iVtx1BX52G3zRfk+g/oWIg==": [ "D7U85Qc3CYAscEzhSfT76A==", "e/EuZlSZUQTHCSl8kHuFag==", "+U7CyAHaY71mhNm2Xnq2uw==", "y7I268PAr74OoToX85XE8w==", "bjyLMZdYnkrpUxDySiQ34Q==", "4u3exWl+MPcCOYOgbQLM+A==", "ixD2h349uZz3eCy55KxIlw==", "j/vFtwZCr4ow5q2VPKgR9g==", "/jvSCV2RwJ6c/Llx9z8uvA==", "Jrkns8qeStFRPhcitcuZ4w==", "yUucg71orzE08FiDgaKBPQ==", "GWKQvGJTKzyU9GiQECoFhg==", "5amguv6OT1njd8r+RXMCQQ==", "2TDjlt2gAEWsLyBBPigFYw==", "WVv0x6iWhzRgZZTPZ190Ng==", "M293c+QguJ/aaYP3cMwfyQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "0E1VjQWdmolR9lr9ElIZZQ==", "6hAQW3vY9ZA/8datv1rY4g==", "TwoNniaY2Urt7TF64epJXg==", "mZCCwO//htsOIXazj/SeOw==", "YtNpM5pykErH+UBXZABWdg==", "5BksN0izCeDRrtFMsNCyvg==", "78ARTcr/iVbEbtXWNEyadA==", "7eKrcl3YwGJqhWmZNbH7Eg==", "KCgZ2MK707GRfjAO2Q3SOA==", "Q6o565VsHFcmyuOW6jCOGw==", "fFM0zIKtKuexRqlZMkzQpg==", "3bb0a18NQSPWO0aeq9twVw==", "WP0Zjo/ORuC7+jbSIrru8A==", "Argl342WI7oZtgSo+p9kMA==", "ncqqUTuMttuUZ8SF9/Ywrg==", "u90uEyQ6vxfKeIQvjGNTHQ==", "429KD7e1Cl6AyUZNBGOTQw==", "OB9n4NdBrq+3wlcM9+90Dg==", "JK4fCJz1Ja5lmfE/vF5PcQ==" ], "izPQpATHYfezyT+kcua/tQ==": [ "y/3qWQj3xOUQpm2CUr+ftg==", "f6oGdnhZomBa/bs3snB3kA==", "1/8/Mjb4nleg0SsOivHAww==", "XdzUGUJMTsfPfs79OXKU4Q==" ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ "VzbOWZs6Sa8zFH+GQEnasQ==" ], "lad8JH31WlI0MsNEYhUWlA==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==", "IrRjtVOpf04EO7iAKFAznQ==", "sJNoOKrtqJYf9M2tWcTlqg==", "+UOyQgpOAnrWS+mVMK5k1Q==", "Iy2V+5RC7ENxxmnS9KdBOw==", "SYSyRuW2vXdWcXLSfRP1aQ==", "1hhG+RKT0fsxlS/Wf/LWEA==" ], "mDM1q1sl0PqUWEn54kTSRw==": [ "Lhc4n2a9ma6eRDB/RCRmLQ==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==", "N7otM4CJgwQwy0Mz0UA3Vw==" ], "nzQEyt4JfkGeZIIHPiBhog==": [ "bOC69k4Gpn8Av1w/ra2Tdw==", "e0/Fzu8wfMZp9zX32i9rMQ==", "zmNQpHydwXFAJmLcFFYiyQ==" ], "nzlusFbkan5h1d1Ks+BKBQ==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "v3i4ez5juML2ZWwR+6dFFg==": [ "AUiFITCnRjRxctzqqbDeeA==", "9iigvnuYDaC8UzcOIDLjIQ==", "iF/o4aDbQf1DAw7R+LiVQw==", "GAn7gWUe2pFr7PbwechqxA==", "76z9Mpn8Jp7lhZSPsHTHug==", "PUCpgzV2LGcCb5yPJbawGw==" ], "wfJGCqOH8d+IYg/dAepx1A==": [ "uaetuJImncB6wudykQLpEA==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "mJw+LvAbCoVMIOZXCXNFpg==", "76mWuVYhbmIFsc4DNorK9A==", "lQBARBTddFvexevUD04GZA==", "sykv+pGN4TXggZNIwL/H4g==", "Kqq2xlybjD/tOLmQWu2xPw==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "YX2rGofSXHBcNhTOGpNkAA==", "LxYgcRll4fEnbCHHZWt4BA==", "KMGV9rbVZ/vVUNSX6f+JqA==", "vtpIIEEoAREfzDi0+K26Fg==", "eUh0vSDVmqXTnsB7jL0b4g==", "znnZtQrOfSxqGV/OZKzI5g==" ] }, "enrichments": {} } pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl@sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl@sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: gnupg2-2.3.3-4.el9 (CVE-2025-68973), libarchive-3.5.3-6.el9_6 (CVE-2026-4111, CVE-2026-4424), libnghttp2-1.43.0-6.el9 (CVE-2026-27135), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15467), sqlite-libs-3.34.1-8.el9_6 (CVE-2025-6965)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 6 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: krb5-libs-1.21.1-8.el9_6 (CVE-2026-40356), libcap-2.48-9.el9_2 (CVE-2026-4878)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.8.3-6.el9_6.2 (CVE-2025-14831), libmount-2.37.4-21.el9 (CVE-2025-14104), systemd-libs-252-51.el9_6.2 (CVE-2025-4598), libsmartcols-2.37.4-21.el9 (CVE-2025-14104), libxml2-2.9.13-12.el9_6 (CVE-2025-9714), glib2-2.68.4-16.el9_6.2 (CVE-2025-13601), libblkid-2.37.4-21.el9 (CVE-2025-14104), libuuid-2.37.4-21.el9 (CVE-2025-14104), glibc-2.34-168.el9_6.23 (CVE-2026-0915), libarchive-3.5.3-6.el9_6 (CVE-2026-5121), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 15 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-single-8.32-39.el9 (CVE-2025-5278), libmount-2.37.4-21.el9 (CVE-2026-27456), systemd-libs-252-51.el9_6.2 (CVE-2026-29111, CVE-2026-4105), xz-libs-5.2.5-8.el9_0 (CVE-2026-34743), gnupg2-2.3.3-4.el9 (CVE-2025-68972), libsmartcols-2.37.4-21.el9 (CVE-2026-27456), glibc-common-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libxml2-2.9.13-12.el9_6 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), glib2-2.68.4-16.el9_6.2 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libblkid-2.37.4-21.el9 (CVE-2026-27456), libuuid-2.37.4-21.el9 (CVE-2026-27456), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40355), glibc-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libarchive-3.5.3-6.el9_6 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), openldap-2.6.8-4.el9 (CVE-2026-22185), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2026-28386, CVE-2026-28390, CVE-2026-31790), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 52 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.8.3-6.el9_6.2 (CVE-2025-9820), shadow-utils-2:4.9-12.el9 (CVE-2024-56433), glibc-2.34-168.el9_6.23 (CVE-2025-15281, CVE-2026-0861), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 13 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: zlib-1.2.11-40.el9 (CVE-2026-27171), libgcrypt-1.10.0-11.el9 (CVE-2026-41990), ncurses-base-6.2-10.20210508.el9_6.2 (CVE-2023-50495), gawk-5.1.0-6.el9 (CVE-2023-4156), gnupg2-2.3.3-4.el9 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), glibc-common-2.34-168.el9_6.23 (CVE-2026-4438), openssl-fips-provider-3.0.7-6.el9_5 (CVE-2026-2673), pcre2-10.40-6.el9 (CVE-2022-41409), libxml2-2.9.13-12.el9_6 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), glib2-2.68.4-16.el9_6.2 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4438), pcre2-syntax-10.40-6.el9 (CVE-2022-41409), ncurses-libs-6.2-10.20210508.el9_6.2 (CVE-2023-50495), libstdc++-11.5.0-5.el9_5 (CVE-2022-27943), openssl-fips-provider-so-3.0.7-6.el9_5 (CVE-2026-2673), glibc-2.34-168.el9_6.23 (CVE-2026-4438), libarchive-3.5.3-6.el9_6 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), curl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), libgcc-11.5.0-5.el9_5 (CVE-2022-27943), sqlite-libs-3.34.1-8.el9_6 (CVE-2024-0232, CVE-2025-70873), libtasn1-4.16.0-9.el9 (CVE-2025-13151)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 55 } } ] } ] {"vulnerabilities":{"critical":0,"high":6,"medium":15,"low":13,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":2,"medium":52,"low":55,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl:9f708701ae914afe7e630479eae3504646a9f905", "digests": ["sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a"]}} {"result":"SUCCESS","timestamp":"2026-04-29T13:42:08+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clamav-scan-pod | init container: prepare 2026/04/29 13:40:30 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clamav-scan-pod | init container: place-scripts 2026/04/29 13:40:39 Decoded script /tekton/scripts/script-0-xw6jt 2026/04/29 13:40:39 Decoded script /tekton/scripts/script-1-mqxq7 pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl@sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 2.683 sec (0 m 2 s) Start Date: 2026:04:29 13:41:23 End Date: 2026:04:29 13:41:25 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27985/Tue Apr 28 06:25:02 2026 Database version: 27985 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1777470086","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777470086","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777470086","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl:9f708701ae914afe7e630479eae3504646a9f905", "digests": ["sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a"]}} pod: gl-multi-component-parent-wgkl-on-push-tmwnx-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl Attaching to quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl:9f708701ae914afe7e630479eae3504646a9f905 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl:9f708701ae914afe7e630479eae3504646a9f905@sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 362d0c575b4a clamscan-ec-test-amd64.json Uploading 4b7fd1f5f7d1 clamscan-result-amd64.log Uploaded 4b7fd1f5f7d1 clamscan-result-amd64.log Uploaded 362d0c575b4a clamscan-ec-test-amd64.json Uploading 3cc4dc3ef87e application/vnd.oci.image.manifest.v1+json Uploaded 3cc4dc3ef87e application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-wmpz/gl-multi-component-parent-wgkl:9f708701ae914afe7e630479eae3504646a9f905@sha256:75eb5d7777c92a824b5bb954a89b595c516834efe7469c597e37371d3985bd4a Digest: sha256:3cc4dc3ef87e9c80642f966f48fd90fc7415bee2361b60b660adb6335b867143 pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | init container: prepare 2026/04/29 13:31:46 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | container step-init: time="2026-04-29T13:32:05Z" level=info msg="[param] enable: false" time="2026-04-29T13:32:05Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:32:05Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:32:05Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:32:05Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:32:05Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:32:05Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:32:05Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:32:05Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx found after retrigger for component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx found for Component build-e2e-wmpz/gl-multi-component-parent-wgkl PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx reason: Running PipelineRun gl-multi-component-parent-wgkl-on-push-8q5lx reason: Failed attempt 3/3: PipelineRun "gl-multi-component-parent-wgkl-on-push-8q5lx" failed: pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | init container: prepare 2026/04/29 13:14:18 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | container step-init: time="2026-04-29T13:14:20Z" level=info msg="[param] enable: false" time="2026-04-29T13:14:20Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:14:20Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:14:20Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:14:20Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:14:20Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:14:21Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:14:21Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:14:21Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-wgkl-on-push-8q5lx-init-pod | init container: prepare 2026/04/29 13:42:56 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-8q5lx-init-pod | container step-init: time="2026-04-29T13:43:00Z" level=info msg="[param] enable: false" time="2026-04-29T13:43:00Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:43:00Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:43:00Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:43:00Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:43:00Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:43:00Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:43:00Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:43:00Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | init container: prepare 2026/04/29 13:31:46 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | container step-init: time="2026-04-29T13:32:05Z" level=info msg="[param] enable: false" time="2026-04-29T13:32:05Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:32:05Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:32:05Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:32:05Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:32:05Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:32:05Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:32:05Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:32:05Z" level=info msg="[result] NO PROXY: " [FAILED] in [It] - /workspace/source/test/e2e/renovate.go:403 @ 04/29/26 13:44:29.466 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc00041f950>: pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | init container: prepare 2026/04/29 13:14:18 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | container step-init: time="2026-04-29T13:14:20Z" level=info msg="[param] enable: false" time="2026-04-29T13:14:20Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:14:20Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:14:20Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:14:20Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:14:20Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:14:21Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:14:21Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:14:21Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-wgkl-on-push-8q5lx-init-pod | init container: prepare 2026/04/29 13:42:56 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-8q5lx-init-pod | container step-init: time="2026-04-29T13:43:00Z" level=info msg="[param] enable: false" time="2026-04-29T13:43:00Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:43:00Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:43:00Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:43:00Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:43:00Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:43:00Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:43:00Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:43:00Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | init container: prepare 2026/04/29 13:31:46 Entrypoint initialization pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | container step-init: time="2026-04-29T13:32:05Z" level=info msg="[param] enable: false" time="2026-04-29T13:32:05Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:32:05Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:32:05Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:32:05Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:32:05Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:32:05Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:32:05Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:32:05Z" level=info msg="[result] NO PROXY: " { s: "\n pod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | init container: prepare\n2026/04/29 13:14:18 Entrypoint initialization\n\npod: gl-multi-component-parent-wgkl-on-pull-request-bhs4n-init-pod | container step-init: \ntime=\"2026-04-29T13:14:20Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-29T13:14:20Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-29T13:14:20Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-29T13:14:20Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-29T13:14:20Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-29T13:14:20Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-29T13:14:21Z\" level=info msg=\"Cache proxy is disabled via param\"\ntime=\"2026-04-29T13:14:21Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-29T13:14:21Z\" level=info msg=\"[result] NO PROXY: \"\n\n pod: gl-multi-component-parent-wgkl-on-push-8q5lx-init-pod | init container: prepare\n2026/04/29 13:42:56 Entrypoint initialization\n\npod: gl-multi-component-parent-wgkl-on-push-8q5lx-init-pod | container step-init: \ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"Cache proxy is disabled via param\"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-29T13:43:00Z\" level=info msg=\"[result] NO PROXY: \"\n\n pod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | init container: prepare\n2026/04/29 13:31:46 Entrypoint initialization\n\npod: gl-multi-component-parent-wgkl-on-push-tmwnx-init-pod | container step-init: \ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"Cache proxy is disabled via param\"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-29T13:32:05Z\" level=info msg=\"[result] NO PROXY: \"\n", } In [It] at: /workspace/source/test/e2e/renovate.go:403 @ 04/29/26 13:44:29.466 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] should lead to a nudge PR creation for child component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:412 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:412 @ 04/29/26 13:44:37.981 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] merging the PR should be successful for child component [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:429 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:429 @ 04/29/26 13:44:37.982 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] Verify the nudge updated the contents [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:440 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:440 @ 04/29/26 13:44:37.982 ------------------------------ • [FAILED] [2819.416 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] the PipelineRun should eventually finish successfully [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:360 Timeline >> PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 found for Component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-qgj87 reason: Failed attempt 1/3: PipelineRun "fj-test-custom-branch-uwtimy-on-pull-request-qgj87" failed: pod: fj-test-custom-branch-uwtimy-on-pull-request-qgj87-init-pod | init container: prepare 2026/04/29 13:14:44 Entrypoint initialization pod: fj-test-custom-branch-uwtimy-on-pull-request-qgj87-init-pod | container step-init: time="2026-04-29T13:14:47Z" level=info msg="[param] enable: false" time="2026-04-29T13:14:47Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:14:47Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:14:47Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:14:47Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:14:47Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:14:47Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:14:47Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:14:47Z" level=info msg="[result] NO PROXY: " New PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt found after retrigger for component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt found for Component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-2mwzt reason: Failed attempt 2/3: PipelineRun "fj-test-custom-branch-uwtimy-on-pull-request-2mwzt" failed: pod: fj-test-custom-branch-uwtimy-on-pull-request-2mwzt-init-pod | init container: prepare 2026/04/29 13:24:41 Entrypoint initialization pod: fj-test-custom-branch-uwtimy-on-pull-request-2mwzt-init-pod | container step-init: time="2026-04-29T13:24:45Z" level=info msg="[param] enable: false" time="2026-04-29T13:24:45Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:24:45Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:24:45Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:24:45Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:24:45Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:24:46Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:24:46Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:24:46Z" level=info msg="[result] NO PROXY: " New PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c found after retrigger for component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c found for Component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: ResolvingTaskRef PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun has not been created yet for the Component build-e2e-alcd/fj-test-custom-branch-uwtimy PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: Running PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping PipelineRun fj-test-custom-branch-uwtimy-on-pull-request-7cf6c reason: PipelineRunStopping attempt 3/3: PipelineRun "fj-test-custom-branch-uwtimy-on-pull-request-7cf6c" failed: context deadline exceeded [FAILED] in [It] - /workspace/source/test/e2e/pac_build.go:362 @ 04/29/26 14:00:10.614 << Timeline [FAILED] Expected success, but got an error: : context deadline exceeded {} In [It] at: /workspace/source/test/e2e/pac_build.go:362 @ 04/29/26 14:00:10.614 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:365 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:365 @ 04/29/26 14:00:13.086 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] created image repo is public [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:384 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:384 @ 04/29/26 14:00:13.086 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] image tag is updated successfully [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:390 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:390 @ 04/29/26 14:00:13.087 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] should ensure pruning labels are set [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:416 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:416 @ 04/29/26 14:00:13.087 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] eventually leads to the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:433 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:433 @ 04/29/26 14:00:13.087 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is updated [It] eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:458 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:458 @ 04/29/26 14:00:13.088 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is updated [It] should lead to a PaC init PR update [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:473 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:473 @ 04/29/26 14:00:13.088 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is updated [It] PipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:492 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:492 @ 04/29/26 14:00:13.088 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is updated [It] eventually leads to another update of a PR about the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:497 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:497 @ 04/29/26 14:00:13.089 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged [It] eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:523 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:523 @ 04/29/26 14:00:13.089 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged [It] pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:539 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:539 @ 04/29/26 14:00:13.089 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged [It] does not have expiration set [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:545 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:545 @ 04/29/26 14:00:13.089 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged [It] After updating image visibility to private, it should not trigger another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:560 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:560 @ 04/29/26 14:00:13.09 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged [It] image repo is updated to private [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:590 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:590 @ 04/29/26 14:00:13.09 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:595 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:631 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the component is removed and recreated (with the same name in the same namespace) [It] should no longer lead to a creation of a PaC PR [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:701 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/pac_build.go:701 @ 04/29/26 14:00:13.091 ------------------------------ • [FAILED] [2647.439 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:401 Timeline >> PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx found for Component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-zv4kx reason: Failed attempt 1/3: PipelineRun "gh-multi-component-parent-wvpz-on-push-zv4kx" failed: pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | init container: prepare 2026/04/29 13:13:46 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | container step-init: time="2026-04-29T13:13:49Z" level=info msg="[param] enable: false" time="2026-04-29T13:13:49Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:13:49Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:13:49Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:13:49Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:13:49Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:13:49Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:13:49Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:13:49Z" level=info msg="[result] NO PROXY: " pod: gh-multi-component-parent-wvpz-on-push-zv4kx-apply-tags-pod | init container: prepare 2026/04/29 13:30:20 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-zv4kx-apply-tags-pod | container step-apply-additional-tags: time="2026-04-29T13:30:36Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:c9d27b2187204ebe6b990bf695f389fddc86a7a9" time="2026-04-29T13:30:36Z" level=info msg="[param] digest: sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573" time="2026-04-29T13:30:36Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-04-29T13:30:38Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clair-scan-pod | init container: prepare 2026/04/29 13:29:01 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clair-scan-pod | init container: place-scripts 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-0-42crs 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-1-bhw7n 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-2-9js72 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-3-86wjt pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573. pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-04-29T13:31:17Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"}] 2026-04-29T13:31:17Z INF libvuln initialized component=libvuln/New 2026-04-29T13:31:17Z INF registered configured scanners component=libindex/New 2026-04-29T13:31:17Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-04-29T13:31:17Z INF index request start component=libindex/Libindex.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 2026-04-29T13:31:17Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 2026-04-29T13:31:17Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=CheckManifest 2026-04-29T13:31:17Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=FetchLayers 2026-04-29T13:31:18Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=FetchLayers 2026-04-29T13:31:18Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=FetchLayers 2026-04-29T13:31:18Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=ScanLayers 2026-04-29T13:31:19Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=ScanLayers 2026-04-29T13:31:19Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=IndexManifest 2026-04-29T13:31:19Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=IndexFinished 2026-04-29T13:31:19Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 state=IndexFinished 2026-04-29T13:31:19Z INF index request done component=libindex/Libindex.Index manifest=sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 { "manifest_hash": "sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573", "packages": { "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+X1MdmtPTbyDb/wq7joJhA==": { "id": "+X1MdmtPTbyDb/wq7joJhA==", "name": "libtool-ltdl", "version": "2.4.6-46.el9", "kind": "binary", "source": { "id": "", "name": "libtool", "version": "2.4.6-46.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+bwl6UbMaWOBWdHNekJsEw==": { "id": "+bwl6UbMaWOBWdHNekJsEw==", "name": "coreutils-single", "version": "8.32-39.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/O7rOBo1qRMFm3q3Kf3mEw==": { "id": "/O7rOBo1qRMFm3q3Kf3mEw==", "name": "libselinux", "version": "3.6-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.6-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/h/TBQhfoSMCmey5oN87jA==": { "id": "/h/TBQhfoSMCmey5oN87jA==", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ub7EE8Da46T0x7lRdlVJg==": { "id": "/ub7EE8Da46T0x7lRdlVJg==", "name": "libsmartcols", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0T19Aon0dgLleTpQjLWzKw==": { "id": "0T19Aon0dgLleTpQjLWzKw==", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1atoBfoH0mJ0bCpetQ7/0g==": { "id": "1atoBfoH0mJ0bCpetQ7/0g==", "name": "file-libs", "version": "5.39-16.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2gCbp4kt+cF44NF/LqukDg==": { "id": "2gCbp4kt+cF44NF/LqukDg==", "name": "pcre2-syntax", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "5+tHFkkNi+1rUDSrmgYdkw==": { "id": "5+tHFkkNi+1rUDSrmgYdkw==", "name": "p11-kit-trust", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5fhQlRzIg/IB8EVM2pFIZA==": { "id": "5fhQlRzIg/IB8EVM2pFIZA==", "name": "audit-libs", "version": "3.1.5-4.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.5-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6WyRl8U3PR6ipKlxqlBzFA==": { "id": "6WyRl8U3PR6ipKlxqlBzFA==", "name": "ncurses-base", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "7cpIREEQnkaI7dbmWgmrvg==": { "id": "7cpIREEQnkaI7dbmWgmrvg==", "name": "gdbm-libs", "version": "1:1.23-1.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.23-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7mDaaxs3ev+uNEDYC97U3Q==": { "id": "7mDaaxs3ev+uNEDYC97U3Q==", "name": "zlib", "version": "1.2.11-40.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-40.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7ra56f21gLrcSpBD8a9+NQ==": { "id": "7ra56f21gLrcSpBD8a9+NQ==", "name": "libmount", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7vssDPaHKfFKMLimKBo7Gw==": { "id": "7vssDPaHKfFKMLimKBo7Gw==", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8uME+PFu6p/OAD7q+ZTVLw==": { "id": "8uME+PFu6p/OAD7q+ZTVLw==", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9olIUlLHZMdoUMju+8diyQ==": { "id": "9olIUlLHZMdoUMju+8diyQ==", "name": "filesystem", "version": "3.16-5.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BRLVvSCW1qZQlEQR2x48fQ==": { "id": "BRLVvSCW1qZQlEQR2x48fQ==", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CpfomSYboaXPZ9yn9NgGgw==": { "id": "CpfomSYboaXPZ9yn9NgGgw==", "name": "krb5-libs", "version": "1.21.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.21.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FZ9gWulzkx76xjTSH/yM/g==": { "id": "FZ9gWulzkx76xjTSH/yM/g==", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FrUQI+koTfbikRk1jsFd0w==": { "id": "FrUQI+koTfbikRk1jsFd0w==", "name": "libstdc++", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HQdWvmyUSqtI3UTY0T4JiQ==": { "id": "HQdWvmyUSqtI3UTY0T4JiQ==", "name": "pcre", "version": "8.44-4.el9", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IZ65O3ZOapykHwhaOX1/YA==": { "id": "IZ65O3ZOapykHwhaOX1/YA==", "name": "libnghttp2", "version": "1.43.0-6.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KXUGN6voGlWUMRN5TCFy4w==": { "id": "KXUGN6voGlWUMRN5TCFy4w==", "name": "systemd-libs", "version": "252-51.el9_6.2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-51.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M9YTWinowLqOqX/+8mbhjg==": { "id": "M9YTWinowLqOqX/+8mbhjg==", "name": "sqlite-libs", "version": "3.34.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O1acB+rpl9OLkk9I6phF7Q==": { "id": "O1acB+rpl9OLkk9I6phF7Q==", "name": "shadow-utils", "version": "2:4.9-12.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OCIjbR16ktOEiFK36r0WNw==": { "id": "OCIjbR16ktOEiFK36r0WNw==", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OaFmq38HlbKLTTEM/qATzg==": { "id": "OaFmq38HlbKLTTEM/qATzg==", "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ohssf0Jzlafd9vtrrUKCXg==": { "id": "Ohssf0Jzlafd9vtrrUKCXg==", "name": "bash", "version": "5.1.8-9.el9", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Om9zCJ/QZ+hnrEvj6fGw==": { "id": "P5Om9zCJ/QZ+hnrEvj6fGw==", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PIk2BBAWexCFofMi5q03RA==": { "id": "PIk2BBAWexCFofMi5q03RA==", "name": "pcre2", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PZXvGa4khHd2n6o73hJ/Pg==": { "id": "PZXvGa4khHd2n6o73hJ/Pg==", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RXh3fimX8fGZeCt4chJEiA==": { "id": "RXh3fimX8fGZeCt4chJEiA==", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S8p9UGak1oycptcpYp/1eg==": { "id": "S8p9UGak1oycptcpYp/1eg==", "name": "openldap", "version": "2.6.8-4.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.8-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SjQtW3gQmgt+Qj8JlnY4Mg==": { "id": "SjQtW3gQmgt+Qj8JlnY4Mg==", "name": "libblkid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Su8bfW9ijc0V5CiAum2V1g==": { "id": "Su8bfW9ijc0V5CiAum2V1g==", "name": "bzip2-libs", "version": "1.0.8-10.el9_5", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-10.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VX9V+Y680L2xf2tBREdpCw==": { "id": "VX9V+Y680L2xf2tBREdpCw==", "name": "gmp", "version": "1:6.2.0-13.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WtG8AvirpmNJ8wVE+fxfGQ==": { "id": "WtG8AvirpmNJ8wVE+fxfGQ==", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XG5+bW8np2NedSy/od6z8Q==": { "id": "XG5+bW8np2NedSy/od6z8Q==", "name": "libacl", "version": "2.3.1-4.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XJlS+gwEt7T+nNr/Bflqzg==": { "id": "XJlS+gwEt7T+nNr/Bflqzg==", "name": "glibc-minimal-langpack", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XMkvB1ljVS0bNTUu2UEs3g==": { "id": "XMkvB1ljVS0bNTUu2UEs3g==", "name": "libgcc", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZabCZVOpeuHGnRiGdzqBig==": { "id": "ZabCZVOpeuHGnRiGdzqBig==", "name": "openssl-fips-provider-so", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arLt5War9yeQ8auYn/Idmw==": { "id": "arLt5War9yeQ8auYn/Idmw==", "name": "nettle", "version": "3.10.1-1.el9", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.10.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ayTA+mXRKgSCRl5LaqP4/w==": { "id": "ayTA+mXRKgSCRl5LaqP4/w==", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bemGVBhbDe9iV1Kjvd9hAA==": { "id": "bemGVBhbDe9iV1Kjvd9hAA==", "name": "libffi", "version": "3.4.2-8.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bgzKs6bbeWeXxcqE+n7Jog==": { "id": "bgzKs6bbeWeXxcqE+n7Jog==", "name": "libsepol", "version": "3.6-2.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.6-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "de44cUqF23LvU0fOSvNRjA==": { "id": "de44cUqF23LvU0fOSvNRjA==", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eK3V3oi6vbIfOQRAcWBYDw==": { "id": "eK3V3oi6vbIfOQRAcWBYDw==", "name": "glibc-common", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eRa7MZyiHBvsv7GPhkGKdg==": { "id": "eRa7MZyiHBvsv7GPhkGKdg==", "name": "lua-libs", "version": "5.4.4-4.el9", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eaygsCP+5IpdIryvw94Tcw==": { "id": "eaygsCP+5IpdIryvw94Tcw==", "name": "rootfiles", "version": "8.1-34.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-34.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f8lJd/yoDqE6O0RUQGqkpQ==": { "id": "f8lJd/yoDqE6O0RUQGqkpQ==", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsKPriszRNKAqMnHK+dXgw==": { "id": "gsKPriszRNKAqMnHK+dXgw==", "name": "libksba", "version": "1.5.1-7.el9", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTD/lpKAM3AZEWh+zVx2tg==": { "id": "iTD/lpKAM3AZEWh+zVx2tg==", "name": "librepo", "version": "1.14.5-2.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iVtx1BX52G3zRfk+g/oWIg==": { "id": "iVtx1BX52G3zRfk+g/oWIg==", "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.2.2-6.el9_5.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iaJm7Mdk9UadnBII0ZwMeA==": { "id": "iaJm7Mdk9UadnBII0ZwMeA==", "name": "dnf-data", "version": "4.14.0-25.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "izPQpATHYfezyT+kcua/tQ==": { "id": "izPQpATHYfezyT+kcua/tQ==", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jAjaNW7NMGiv7HfByDu4RQ==": { "id": "jAjaNW7NMGiv7HfByDu4RQ==", "name": "alternatives", "version": "1.24-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.24-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kAEPeyZOK/FwFoG6mOFUbQ==": { "id": "kAEPeyZOK/FwFoG6mOFUbQ==", "name": "libcap", "version": "2.48-9.el9_2", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-9.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kFxhSjWy84mTZBM4XiZaeQ==": { "id": "kFxhSjWy84mTZBM4XiZaeQ==", "name": "setup", "version": "2.13.7-10.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kgbITSeRtKiT7enG8buGXw==": { "id": "kgbITSeRtKiT7enG8buGXw==", "name": "libcom_err", "version": "1.46.5-7.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kp6BaioAZ30jbVeZkkzokA==": { "id": "kp6BaioAZ30jbVeZkkzokA==", "name": "libzstd", "version": "1.5.5-1.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kvpHJLhsWpgEBJjx168pDg==": { "id": "kvpHJLhsWpgEBJjx168pDg==", "name": "tzdata", "version": "2025b-1.el9", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025b-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lI6hCbIwETVhCFhL4BxyiQ==": { "id": "lI6hCbIwETVhCFhL4BxyiQ==", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lad8JH31WlI0MsNEYhUWlA==": { "id": "lad8JH31WlI0MsNEYhUWlA==", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mDM1q1sl0PqUWEn54kTSRw==": { "id": "mDM1q1sl0PqUWEn54kTSRw==", "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzQEyt4JfkGeZIIHPiBhog==": { "id": "nzQEyt4JfkGeZIIHPiBhog==", "name": "libuuid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzlusFbkan5h1d1Ks+BKBQ==": { "id": "nzlusFbkan5h1d1Ks+BKBQ==", "name": "ncurses-libs", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pYM7mYzFYUjRrK74RyhfOw==": { "id": "pYM7mYzFYUjRrK74RyhfOw==", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rCLp3m64Catai9VuHvh3Lw==": { "id": "rCLp3m64Catai9VuHvh3Lw==", "name": "keyutils-libs", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "v3i4ez5juML2ZWwR+6dFFg==": { "id": "v3i4ez5juML2ZWwR+6dFFg==", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wCA3gMNtInqX1xg18QcnQg==": { "id": "wCA3gMNtInqX1xg18QcnQg==", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wfJGCqOH8d+IYg/dAepx1A==": { "id": "wfJGCqOH8d+IYg/dAepx1A==", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xSopjH0yPtbnx33MBmtmuA==": { "id": "xSopjH0yPtbnx33MBmtmuA==", "name": "rpm-libs", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xhMgwxa+ubXlCA6s9XfRgw==": { "id": "xhMgwxa+ubXlCA6s9XfRgw==", "name": "cyrus-sasl-lib", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yEp9fQVFIQAEDPCwC3GLmA==": { "id": "yEp9fQVFIQAEDPCwC3GLmA==", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zPvTALB8qlNtHa1j2iT5Zg==": { "id": "zPvTALB8qlNtHa1j2iT5Zg==", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "dad5d499-775c-4655-b217-35c04fbc4241": { "id": "dad5d499-775c-4655-b217-35c04fbc4241", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a": { "id": "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc": { "id": "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "+X1MdmtPTbyDb/wq7joJhA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "+bwl6UbMaWOBWdHNekJsEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "/O7rOBo1qRMFm3q3Kf3mEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "/h/TBQhfoSMCmey5oN87jA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "/ub7EE8Da46T0x7lRdlVJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "0T19Aon0dgLleTpQjLWzKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "1atoBfoH0mJ0bCpetQ7/0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "2gCbp4kt+cF44NF/LqukDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "5+tHFkkNi+1rUDSrmgYdkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "5fhQlRzIg/IB8EVM2pFIZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "6WyRl8U3PR6ipKlxqlBzFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "7cpIREEQnkaI7dbmWgmrvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "7mDaaxs3ev+uNEDYC97U3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "7ra56f21gLrcSpBD8a9+NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "7vssDPaHKfFKMLimKBo7Gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "8uME+PFu6p/OAD7q+ZTVLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "9olIUlLHZMdoUMju+8diyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "BRLVvSCW1qZQlEQR2x48fQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "CpfomSYboaXPZ9yn9NgGgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "FZ9gWulzkx76xjTSH/yM/g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "FrUQI+koTfbikRk1jsFd0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "HQdWvmyUSqtI3UTY0T4JiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "IZ65O3ZOapykHwhaOX1/YA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "KXUGN6voGlWUMRN5TCFy4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "M9YTWinowLqOqX/+8mbhjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "O1acB+rpl9OLkk9I6phF7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "OCIjbR16ktOEiFK36r0WNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "OaFmq38HlbKLTTEM/qATzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "Ohssf0Jzlafd9vtrrUKCXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "PIk2BBAWexCFofMi5q03RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "PZXvGa4khHd2n6o73hJ/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "RXh3fimX8fGZeCt4chJEiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "S8p9UGak1oycptcpYp/1eg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "Su8bfW9ijc0V5CiAum2V1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "VX9V+Y680L2xf2tBREdpCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "XG5+bW8np2NedSy/od6z8Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "XJlS+gwEt7T+nNr/Bflqzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "XMkvB1ljVS0bNTUu2UEs3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "ZabCZVOpeuHGnRiGdzqBig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "arLt5War9yeQ8auYn/Idmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "ayTA+mXRKgSCRl5LaqP4/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "bemGVBhbDe9iV1Kjvd9hAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "bgzKs6bbeWeXxcqE+n7Jog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "de44cUqF23LvU0fOSvNRjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "eK3V3oi6vbIfOQRAcWBYDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "eRa7MZyiHBvsv7GPhkGKdg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "eaygsCP+5IpdIryvw94Tcw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "f8lJd/yoDqE6O0RUQGqkpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "gsKPriszRNKAqMnHK+dXgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "iTD/lpKAM3AZEWh+zVx2tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "iVtx1BX52G3zRfk+g/oWIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "iaJm7Mdk9UadnBII0ZwMeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "izPQpATHYfezyT+kcua/tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "jAjaNW7NMGiv7HfByDu4RQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "kFxhSjWy84mTZBM4XiZaeQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "kgbITSeRtKiT7enG8buGXw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "kp6BaioAZ30jbVeZkkzokA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "kvpHJLhsWpgEBJjx168pDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "lI6hCbIwETVhCFhL4BxyiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "lad8JH31WlI0MsNEYhUWlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "mDM1q1sl0PqUWEn54kTSRw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "nzQEyt4JfkGeZIIHPiBhog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "nzlusFbkan5h1d1Ks+BKBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "pYM7mYzFYUjRrK74RyhfOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "rCLp3m64Catai9VuHvh3Lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "v3i4ez5juML2ZWwR+6dFFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "wCA3gMNtInqX1xg18QcnQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "wfJGCqOH8d+IYg/dAepx1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "xSopjH0yPtbnx33MBmtmuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "xhMgwxa+ubXlCA6s9XfRgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "yEp9fQVFIQAEDPCwC3GLmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ], "zPvTALB8qlNtHa1j2iT5Zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "dad5d499-775c-4655-b217-35c04fbc4241", "repository_ids": [ "1e7bf0f7-c3e1-4963-9ceb-b6e5aee77c1a", "2bce459d-3cf6-4f02-bc03-26ca0a6ac4cc" ] } ] }, "vulnerabilities": { "+U7CyAHaY71mhNm2Xnq2uw==": { "id": "+U7CyAHaY71mhNm2Xnq2uw==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+UOyQgpOAnrWS+mVMK5k1Q==": { "id": "+UOyQgpOAnrWS+mVMK5k1Q==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "/A7M1zrsMND1dKjg2gEuyg==": { "id": "/A7M1zrsMND1dKjg2gEuyg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/jvSCV2RwJ6c/Llx9z8uvA==": { "id": "/jvSCV2RwJ6c/Llx9z8uvA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "0E1VjQWdmolR9lr9ElIZZQ==": { "id": "0E1VjQWdmolR9lr9ElIZZQ==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1/8/Mjb4nleg0SsOivHAww==": { "id": "1/8/Mjb4nleg0SsOivHAww==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "1hhG+RKT0fsxlS/Wf/LWEA==": { "id": "1hhG+RKT0fsxlS/Wf/LWEA==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "1npmxgSnoYj2MyAhQMaE7g==": { "id": "1npmxgSnoYj2MyAhQMaE7g==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3UNcgW64Eji4iyY2ZDB1cg==": { "id": "3UNcgW64Eji4iyY2ZDB1cg==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3bb0a18NQSPWO0aeq9twVw==": { "id": "3bb0a18NQSPWO0aeq9twVw==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "429KD7e1Cl6AyUZNBGOTQw==": { "id": "429KD7e1Cl6AyUZNBGOTQw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "4u3exWl+MPcCOYOgbQLM+A==": { "id": "4u3exWl+MPcCOYOgbQLM+A==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "59oEBlU3jh6EL6gtZDUaug==": { "id": "59oEBlU3jh6EL6gtZDUaug==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5BksN0izCeDRrtFMsNCyvg==": { "id": "5BksN0izCeDRrtFMsNCyvg==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5amguv6OT1njd8r+RXMCQQ==": { "id": "5amguv6OT1njd8r+RXMCQQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6rEIsdyQtCC456AuGwgsDQ==": { "id": "6rEIsdyQtCC456AuGwgsDQ==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76mWuVYhbmIFsc4DNorK9A==": { "id": "76mWuVYhbmIFsc4DNorK9A==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76z9Mpn8Jp7lhZSPsHTHug==": { "id": "76z9Mpn8Jp7lhZSPsHTHug==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "78ARTcr/iVbEbtXWNEyadA==": { "id": "78ARTcr/iVbEbtXWNEyadA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7aI+wyLEqkIPj2Wh4f1UKg==": { "id": "7aI+wyLEqkIPj2Wh4f1UKg==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7eKrcl3YwGJqhWmZNbH7Eg==": { "id": "7eKrcl3YwGJqhWmZNbH7Eg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "8MfvwX+dRI6Qt2H+x71rZg==": { "id": "8MfvwX+dRI6Qt2H+x71rZg==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZCpE1M7eqNdy615aO2gLQ==": { "id": "8ZCpE1M7eqNdy615aO2gLQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9bjl4H6CMWLL3h1g5y6i9Q==": { "id": "9bjl4H6CMWLL3h1g5y6i9Q==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9iigvnuYDaC8UzcOIDLjIQ==": { "id": "9iigvnuYDaC8UzcOIDLjIQ==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Argl342WI7oZtgSo+p9kMA==": { "id": "Argl342WI7oZtgSo+p9kMA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BheYJlsY7UG2Ru8eF1IU4g==": { "id": "BheYJlsY7UG2Ru8eF1IU4g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "D7U85Qc3CYAscEzhSfT76A==": { "id": "D7U85Qc3CYAscEzhSfT76A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DTApvRZh1HJD5XbbpU3ahw==": { "id": "DTApvRZh1HJD5XbbpU3ahw==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DrIVK8+yvV91OzF2CS9o5A==": { "id": "DrIVK8+yvV91OzF2CS9o5A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Eh3WlvVSpgyvj1kaA5So7g==": { "id": "Eh3WlvVSpgyvj1kaA5So7g==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Ez8lHT2uV9Tf9vJC/T4WXg==": { "id": "Ez8lHT2uV9Tf9vJC/T4WXg==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F4WBuBnk4OQIl1a5Q4CVPg==": { "id": "F4WBuBnk4OQIl1a5Q4CVPg==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FLpBF1y0CvCfFuXOmlaRZw==": { "id": "FLpBF1y0CvCfFuXOmlaRZw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "FQwXyPZ+oHyxQZ9RBQXbpw==": { "id": "FQwXyPZ+oHyxQZ9RBQXbpw==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GWKQvGJTKzyU9GiQECoFhg==": { "id": "GWKQvGJTKzyU9GiQECoFhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ie7rkr8oApZOM9PK2gFB6A==": { "id": "Ie7rkr8oApZOM9PK2gFB6A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IrRjtVOpf04EO7iAKFAznQ==": { "id": "IrRjtVOpf04EO7iAKFAznQ==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "Iy2V+5RC7ENxxmnS9KdBOw==": { "id": "Iy2V+5RC7ENxxmnS9KdBOw==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "JK4fCJz1Ja5lmfE/vF5PcQ==": { "id": "JK4fCJz1Ja5lmfE/vF5PcQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JqWXvYyB4T300h7KRcWtFA==": { "id": "JqWXvYyB4T300h7KRcWtFA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Jrkns8qeStFRPhcitcuZ4w==": { "id": "Jrkns8qeStFRPhcitcuZ4w==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KCgZ2MK707GRfjAO2Q3SOA==": { "id": "KCgZ2MK707GRfjAO2Q3SOA==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KMGV9rbVZ/vVUNSX6f+JqA==": { "id": "KMGV9rbVZ/vVUNSX6f+JqA==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L1pkWyFlg006sdV2pKTg4A==": { "id": "L1pkWyFlg006sdV2pKTg4A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-fips-provider", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LeWRqc+lggRL8KnG53e6CA==": { "id": "LeWRqc+lggRL8KnG53e6CA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "Lhc4n2a9ma6eRDB/RCRmLQ==": { "id": "Lhc4n2a9ma6eRDB/RCRmLQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "LuirMfnv2JkWFEU8MUuKUQ==": { "id": "LuirMfnv2JkWFEU8MUuKUQ==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LxYgcRll4fEnbCHHZWt4BA==": { "id": "LxYgcRll4fEnbCHHZWt4BA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "M293c+QguJ/aaYP3cMwfyQ==": { "id": "M293c+QguJ/aaYP3cMwfyQ==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MT27FBW6q+x91HBvTyGVKQ==": { "id": "MT27FBW6q+x91HBvTyGVKQ==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "N7otM4CJgwQwy0Mz0UA3Vw==": { "id": "N7otM4CJgwQwy0Mz0UA3Vw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "NrTzMmbWyM5UeSvnQVNLOg==": { "id": "NrTzMmbWyM5UeSvnQVNLOg==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OB9n4NdBrq+3wlcM9+90Dg==": { "id": "OB9n4NdBrq+3wlcM9+90Dg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "PUCpgzV2LGcCb5yPJbawGw==": { "id": "PUCpgzV2LGcCb5yPJbawGw==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "PrCrIesi0sSvMQjPpvxecw==": { "id": "PrCrIesi0sSvMQjPpvxecw==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q6o565VsHFcmyuOW6jCOGw==": { "id": "Q6o565VsHFcmyuOW6jCOGw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "QSP4YGVknCXnnhDrDAxftg==": { "id": "QSP4YGVknCXnnhDrDAxftg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Qbjoqw6Ot3cGOKNyQYBo4g==": { "id": "Qbjoqw6Ot3cGOKNyQYBo4g==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QskDoDnTSvrQeDXklM4YOw==": { "id": "QskDoDnTSvrQeDXklM4YOw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RHShqbO2hqcBNPYbKDg/3A==": { "id": "RHShqbO2hqcBNPYbKDg/3A==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SYSyRuW2vXdWcXLSfRP1aQ==": { "id": "SYSyRuW2vXdWcXLSfRP1aQ==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "T+jfDhqJcXwVQ38oWEz/6g==": { "id": "T+jfDhqJcXwVQ38oWEz/6g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TccjTp2Y8sTyWrjrm24IKA==": { "id": "TccjTp2Y8sTyWrjrm24IKA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TwoNniaY2Urt7TF64epJXg==": { "id": "TwoNniaY2Urt7TF64epJXg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYGbkY0i6P3tRJd9mM1wNg==": { "id": "VYGbkY0i6P3tRJd9mM1wNg==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VzbOWZs6Sa8zFH+GQEnasQ==": { "id": "VzbOWZs6Sa8zFH+GQEnasQ==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WP0Zjo/ORuC7+jbSIrru8A==": { "id": "WP0Zjo/ORuC7+jbSIrru8A==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WVv0x6iWhzRgZZTPZ190Ng==": { "id": "WVv0x6iWhzRgZZTPZ190Ng==", "updater": "rhel-vex", "name": "CVE-2026-28386", "description": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28386 https://bugzilla.redhat.com/show_bug.cgi?id=2451099 https://www.cve.org/CVERecord?id=CVE-2026-28386 https://nvd.nist.gov/vuln/detail/CVE-2026-28386 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28386.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "X7DmUVoCri5i6vdYVBBgXg==": { "id": "X7DmUVoCri5i6vdYVBBgXg==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XdzUGUJMTsfPfs79OXKU4Q==": { "id": "XdzUGUJMTsfPfs79OXKU4Q==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "YIlv6HIDfGqvZL/MDTWWpg==": { "id": "YIlv6HIDfGqvZL/MDTWWpg==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YX2rGofSXHBcNhTOGpNkAA==": { "id": "YX2rGofSXHBcNhTOGpNkAA==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "YtNpM5pykErH+UBXZABWdg==": { "id": "YtNpM5pykErH+UBXZABWdg==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aOUfuyvyyWEe7Z1IZT+fGw==": { "id": "aOUfuyvyyWEe7Z1IZT+fGw==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bOC69k4Gpn8Av1w/ra2Tdw==": { "id": "bOC69k4Gpn8Av1w/ra2Tdw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bgJs7DKkcMwNTsh9yTDgQg==": { "id": "bgJs7DKkcMwNTsh9yTDgQg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bjyLMZdYnkrpUxDySiQ34Q==": { "id": "bjyLMZdYnkrpUxDySiQ34Q==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bugTfOdgCaATW4vTnuXTSQ==": { "id": "bugTfOdgCaATW4vTnuXTSQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d/522T+B/ARMNSG+3QfAWA==": { "id": "d/522T+B/ARMNSG+3QfAWA==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e/EuZlSZUQTHCSl8kHuFag==": { "id": "e/EuZlSZUQTHCSl8kHuFag==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "e0/Fzu8wfMZp9zX32i9rMQ==": { "id": "e0/Fzu8wfMZp9zX32i9rMQ==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eUh0vSDVmqXTnsB7jL0b4g==": { "id": "eUh0vSDVmqXTnsB7jL0b4g==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "f6oGdnhZomBa/bs3snB3kA==": { "id": "f6oGdnhZomBa/bs3snB3kA==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "fFM0zIKtKuexRqlZMkzQpg==": { "id": "fFM0zIKtKuexRqlZMkzQpg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "g6ZHihkpvpkr3oZoVOs05w==": { "id": "g6ZHihkpvpkr3oZoVOs05w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "hHDtCxiuvJ9VSCSwnEG0Fw==": { "id": "hHDtCxiuvJ9VSCSwnEG0Fw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-6.el9_7.1", "arch_op": "pattern match" }, "iF/o4aDbQf1DAw7R+LiVQw==": { "id": "iF/o4aDbQf1DAw7R+LiVQw==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ija3h8P09PxwjEuLSUS2HA==": { "id": "ija3h8P09PxwjEuLSUS2HA==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixD2h349uZz3eCy55KxIlw==": { "id": "ixD2h349uZz3eCy55KxIlw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j/vFtwZCr4ow5q2VPKgR9g==": { "id": "j/vFtwZCr4ow5q2VPKgR9g==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klH60uFrR0WkawaSlcOEKg==": { "id": "klH60uFrR0WkawaSlcOEKg==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l1pK1ezh6e0g8I+Dp2iK7w==": { "id": "l1pK1ezh6e0g8I+Dp2iK7w==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "l6IrI73Pg+lrisEtcgX+0Q==": { "id": "l6IrI73Pg+lrisEtcgX+0Q==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lQBARBTddFvexevUD04GZA==": { "id": "lQBARBTddFvexevUD04GZA==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lppk3oI+Rm/KVCEYBGVKcg==": { "id": "lppk3oI+Rm/KVCEYBGVKcg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mJw+LvAbCoVMIOZXCXNFpg==": { "id": "mJw+LvAbCoVMIOZXCXNFpg==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mYgwcPpa/l0bTZdysqbplg==": { "id": "mYgwcPpa/l0bTZdysqbplg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "mZCCwO//htsOIXazj/SeOw==": { "id": "mZCCwO//htsOIXazj/SeOw==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ncqqUTuMttuUZ8SF9/Ywrg==": { "id": "ncqqUTuMttuUZ8SF9/Ywrg==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFIYjZJeFnLAVC7lR0n6oQ==": { "id": "qFIYjZJeFnLAVC7lR0n6oQ==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rz/CPeG1fPitayrSa0BFxQ==": { "id": "rz/CPeG1fPitayrSa0BFxQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "sJNoOKrtqJYf9M2tWcTlqg==": { "id": "sJNoOKrtqJYf9M2tWcTlqg==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "smB1yCGhBb8gDhPAER7odg==": { "id": "smB1yCGhBb8gDhPAER7odg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "svCt47J2Zwa45xj8gn3U/w==": { "id": "svCt47J2Zwa45xj8gn3U/w==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sykv+pGN4TXggZNIwL/H4g==": { "id": "sykv+pGN4TXggZNIwL/H4g==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u0cs09LPRVEEfen4PHM6gA==": { "id": "u0cs09LPRVEEfen4PHM6gA==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u90uEyQ6vxfKeIQvjGNTHQ==": { "id": "u90uEyQ6vxfKeIQvjGNTHQ==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "uWz4SaM79VpO4EPAy+0C8g==": { "id": "uWz4SaM79VpO4EPAy+0C8g==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uaetuJImncB6wudykQLpEA==": { "id": "uaetuJImncB6wudykQLpEA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uu3d3lIlYVCZwOjqoNec3g==": { "id": "uu3d3lIlYVCZwOjqoNec3g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "vQmd/px1n2vUjUceHOjVLA==": { "id": "vQmd/px1n2vUjUceHOjVLA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vtpIIEEoAREfzDi0+K26Fg==": { "id": "vtpIIEEoAREfzDi0+K26Fg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y/3qWQj3xOUQpm2CUr+ftg==": { "id": "y/3qWQj3xOUQpm2CUr+ftg==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "y7I268PAr74OoToX85XE8w==": { "id": "y7I268PAr74OoToX85XE8w==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "yUucg71orzE08FiDgaKBPQ==": { "id": "yUucg71orzE08FiDgaKBPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "ymKqobod4xPivmLT/iq9oQ==": { "id": "ymKqobod4xPivmLT/iq9oQ==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yzZzF1vLZmeTiLJMgY7W0Q==": { "id": "yzZzF1vLZmeTiLJMgY7W0Q==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "z/beWyrkyrQJfgGCkMIsWg==": { "id": "z/beWyrkyrQJfgGCkMIsWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "zmNQpHydwXFAJmLcFFYiyQ==": { "id": "zmNQpHydwXFAJmLcFFYiyQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "znnZtQrOfSxqGV/OZKzI5g==": { "id": "znnZtQrOfSxqGV/OZKzI5g==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "zqGJegkbTlVqcHBa6HtRTQ==": { "id": "zqGJegkbTlVqcHBa6HtRTQ==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+bwl6UbMaWOBWdHNekJsEw==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "/L1kFEoHZTukrNTCQLypFQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "/ub7EE8Da46T0x7lRdlVJg==": [ "z/beWyrkyrQJfgGCkMIsWg==", "T+jfDhqJcXwVQ38oWEz/6g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "2gCbp4kt+cF44NF/LqukDg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "6WyRl8U3PR6ipKlxqlBzFA==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "7mDaaxs3ev+uNEDYC97U3Q==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "7ra56f21gLrcSpBD8a9+NQ==": [ "BheYJlsY7UG2Ru8eF1IU4g==", "TccjTp2Y8sTyWrjrm24IKA==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "CpfomSYboaXPZ9yn9NgGgw==": [ "7aI+wyLEqkIPj2Wh4f1UKg==", "lppk3oI+Rm/KVCEYBGVKcg==" ], "FZ9gWulzkx76xjTSH/yM/g==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "FrUQI+koTfbikRk1jsFd0w==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "IZ65O3ZOapykHwhaOX1/YA==": [ "hHDtCxiuvJ9VSCSwnEG0Fw==" ], "KXUGN6voGlWUMRN5TCFy4w==": [ "QSP4YGVknCXnnhDrDAxftg==", "DrIVK8+yvV91OzF2CS9o5A==", "QskDoDnTSvrQeDXklM4YOw==", "vQmd/px1n2vUjUceHOjVLA==" ], "M9YTWinowLqOqX/+8mbhjg==": [ "LeWRqc+lggRL8KnG53e6CA==", "g6ZHihkpvpkr3oZoVOs05w==", "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==" ], "O1acB+rpl9OLkk9I6phF7Q==": [ "WxO9le6q4ACTs4KnSuckDw==" ], "OCIjbR16ktOEiFK36r0WNw==": [ "LuirMfnv2JkWFEU8MUuKUQ==" ], "OaFmq38HlbKLTTEM/qATzg==": [ "rz/CPeG1fPitayrSa0BFxQ==", "l1pK1ezh6e0g8I+Dp2iK7w==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==" ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ "ymKqobod4xPivmLT/iq9oQ==" ], "PIk2BBAWexCFofMi5q03RA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "S8p9UGak1oycptcpYp/1eg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ "bgJs7DKkcMwNTsh9yTDgQg==", "uu3d3lIlYVCZwOjqoNec3g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ "FLpBF1y0CvCfFuXOmlaRZw==", "AwYRRq6SmgfJLn2NZxQUdw==", "qFIYjZJeFnLAVC7lR0n6oQ==", "RHShqbO2hqcBNPYbKDg/3A==", "8kndQj/aRn+NNJdGVP9v4g==", "DTApvRZh1HJD5XbbpU3ahw==", "jiVVTQmOtKqVixv7agF/Hg==", "u0cs09LPRVEEfen4PHM6gA==", "F4WBuBnk4OQIl1a5Q4CVPg==", "8ZCpE1M7eqNdy615aO2gLQ==", "mYgwcPpa/l0bTZdysqbplg==" ], "XJlS+gwEt7T+nNr/Bflqzg==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "XMkvB1ljVS0bNTUu2UEs3g==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "ZabCZVOpeuHGnRiGdzqBig==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "ayTA+mXRKgSCRl5LaqP4/w==": [ "JqWXvYyB4T300h7KRcWtFA==", "klH60uFrR0WkawaSlcOEKg==", "VYGbkY0i6P3tRJd9mM1wNg==", "PrCrIesi0sSvMQjPpvxecw==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "e0VfCD1REapdkagkByCnXQ==", "svCt47J2Zwa45xj8gn3U/w==", "ixc06f0H9vqMfsbwQSwwvA==", "yzZzF1vLZmeTiLJMgY7W0Q==", "NrTzMmbWyM5UeSvnQVNLOg==", "Eh3WlvVSpgyvj1kaA5So7g==" ], "eK3V3oi6vbIfOQRAcWBYDw==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "iVtx1BX52G3zRfk+g/oWIg==": [ "78ARTcr/iVbEbtXWNEyadA==", "7eKrcl3YwGJqhWmZNbH7Eg==", "KCgZ2MK707GRfjAO2Q3SOA==", "Q6o565VsHFcmyuOW6jCOGw==", "fFM0zIKtKuexRqlZMkzQpg==", "3bb0a18NQSPWO0aeq9twVw==", "WP0Zjo/ORuC7+jbSIrru8A==", "Argl342WI7oZtgSo+p9kMA==", "ncqqUTuMttuUZ8SF9/Ywrg==", "u90uEyQ6vxfKeIQvjGNTHQ==", "429KD7e1Cl6AyUZNBGOTQw==", "OB9n4NdBrq+3wlcM9+90Dg==", "JK4fCJz1Ja5lmfE/vF5PcQ==", "D7U85Qc3CYAscEzhSfT76A==", "e/EuZlSZUQTHCSl8kHuFag==", "+U7CyAHaY71mhNm2Xnq2uw==", "y7I268PAr74OoToX85XE8w==", "bjyLMZdYnkrpUxDySiQ34Q==", "4u3exWl+MPcCOYOgbQLM+A==", "ixD2h349uZz3eCy55KxIlw==", "j/vFtwZCr4ow5q2VPKgR9g==", "/jvSCV2RwJ6c/Llx9z8uvA==", "Jrkns8qeStFRPhcitcuZ4w==", "yUucg71orzE08FiDgaKBPQ==", "GWKQvGJTKzyU9GiQECoFhg==", "5amguv6OT1njd8r+RXMCQQ==", "2TDjlt2gAEWsLyBBPigFYw==", "WVv0x6iWhzRgZZTPZ190Ng==", "M293c+QguJ/aaYP3cMwfyQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "0E1VjQWdmolR9lr9ElIZZQ==", "6hAQW3vY9ZA/8datv1rY4g==", "TwoNniaY2Urt7TF64epJXg==", "mZCCwO//htsOIXazj/SeOw==", "YtNpM5pykErH+UBXZABWdg==", "5BksN0izCeDRrtFMsNCyvg==" ], "izPQpATHYfezyT+kcua/tQ==": [ "1/8/Mjb4nleg0SsOivHAww==", "XdzUGUJMTsfPfs79OXKU4Q==", "y/3qWQj3xOUQpm2CUr+ftg==", "f6oGdnhZomBa/bs3snB3kA==" ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ "VzbOWZs6Sa8zFH+GQEnasQ==" ], "lad8JH31WlI0MsNEYhUWlA==": [ "Iy2V+5RC7ENxxmnS9KdBOw==", "SYSyRuW2vXdWcXLSfRP1aQ==", "1hhG+RKT0fsxlS/Wf/LWEA==", "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==", "IrRjtVOpf04EO7iAKFAznQ==", "sJNoOKrtqJYf9M2tWcTlqg==", "+UOyQgpOAnrWS+mVMK5k1Q==" ], "mDM1q1sl0PqUWEn54kTSRw==": [ "N7otM4CJgwQwy0Mz0UA3Vw==", "Lhc4n2a9ma6eRDB/RCRmLQ==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==" ], "nzQEyt4JfkGeZIIHPiBhog==": [ "zmNQpHydwXFAJmLcFFYiyQ==", "bOC69k4Gpn8Av1w/ra2Tdw==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "nzlusFbkan5h1d1Ks+BKBQ==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "v3i4ez5juML2ZWwR+6dFFg==": [ "PUCpgzV2LGcCb5yPJbawGw==", "AUiFITCnRjRxctzqqbDeeA==", "9iigvnuYDaC8UzcOIDLjIQ==", "iF/o4aDbQf1DAw7R+LiVQw==", "GAn7gWUe2pFr7PbwechqxA==", "76z9Mpn8Jp7lhZSPsHTHug==" ], "wfJGCqOH8d+IYg/dAepx1A==": [ "vtpIIEEoAREfzDi0+K26Fg==", "eUh0vSDVmqXTnsB7jL0b4g==", "znnZtQrOfSxqGV/OZKzI5g==", "uaetuJImncB6wudykQLpEA==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "mJw+LvAbCoVMIOZXCXNFpg==", "76mWuVYhbmIFsc4DNorK9A==", "lQBARBTddFvexevUD04GZA==", "sykv+pGN4TXggZNIwL/H4g==", "Kqq2xlybjD/tOLmQWu2xPw==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "YX2rGofSXHBcNhTOGpNkAA==", "LxYgcRll4fEnbCHHZWt4BA==", "KMGV9rbVZ/vVUNSX6f+JqA==" ] }, "enrichments": {} } pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: sqlite-libs-3.34.1-8.el9_6 (CVE-2025-6965), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15467), gnupg2-2.3.3-4.el9 (CVE-2025-68973), libarchive-3.5.3-6.el9_6 (CVE-2026-4111, CVE-2026-4424), libnghttp2-1.43.0-6.el9 (CVE-2026-27135)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 6 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libcap-2.48-9.el9_2 (CVE-2026-4878), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40356)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2025-9714), glib2-2.68.4-16.el9_6.2 (CVE-2025-13601), systemd-libs-252-51.el9_6.2 (CVE-2025-4598), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), libmount-2.37.4-21.el9 (CVE-2025-14104), libsmartcols-2.37.4-21.el9 (CVE-2025-14104), libblkid-2.37.4-21.el9 (CVE-2025-14104), glibc-2.34-168.el9_6.23 (CVE-2026-0915), libarchive-3.5.3-6.el9_6 (CVE-2026-5121), libuuid-2.37.4-21.el9 (CVE-2025-14104), gnutls-3.8.3-6.el9_6.2 (CVE-2025-14831), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 15 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), glib2-2.68.4-16.el9_6.2 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), systemd-libs-252-51.el9_6.2 (CVE-2026-29111, CVE-2026-4105), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2026-28386, CVE-2026-28390, CVE-2026-31790), glibc-common-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), libmount-2.37.4-21.el9 (CVE-2026-27456), libsmartcols-2.37.4-21.el9 (CVE-2026-27456), libblkid-2.37.4-21.el9 (CVE-2026-27456), glibc-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), gnupg2-2.3.3-4.el9 (CVE-2025-68972), libarchive-3.5.3-6.el9_6 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), libuuid-2.37.4-21.el9 (CVE-2026-27456), xz-libs-5.2.5-8.el9_0 (CVE-2026-34743), openldap-2.6.8-4.el9 (CVE-2026-22185), coreutils-single-8.32-39.el9 (CVE-2025-5278), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40355)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 52 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), shadow-utils-2:4.9-12.el9 (CVE-2024-56433), glibc-2.34-168.el9_6.23 (CVE-2025-15281, CVE-2026-0861), gnutls-3.8.3-6.el9_6.2 (CVE-2025-9820)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 13 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), glib2-2.68.4-16.el9_6.2 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), sqlite-libs-3.34.1-8.el9_6 (CVE-2024-0232, CVE-2025-70873), openssl-fips-provider-so-3.0.7-6.el9_5 (CVE-2026-2673), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), glibc-common-2.34-168.el9_6.23 (CVE-2026-4438), ncurses-libs-6.2-10.20210508.el9_6.2 (CVE-2023-50495), curl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), pcre2-syntax-10.40-6.el9 (CVE-2022-41409), pcre2-10.40-6.el9 (CVE-2022-41409), libgcc-11.5.0-5.el9_5 (CVE-2022-27943), glibc-2.34-168.el9_6.23 (CVE-2026-4438), openssl-fips-provider-3.0.7-6.el9_5 (CVE-2026-2673), libtasn1-4.16.0-9.el9 (CVE-2025-13151), gnupg2-2.3.3-4.el9 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), libarchive-3.5.3-6.el9_6 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), ncurses-base-6.2-10.20210508.el9_6.2 (CVE-2023-50495), zlib-1.2.11-40.el9 (CVE-2026-27171), libstdc++-11.5.0-5.el9_5 (CVE-2022-27943), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), libgcrypt-1.10.0-11.el9 (CVE-2026-41990), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4438), gawk-5.1.0-6.el9 (CVE-2023-4156)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 55 } } ] } ] {"vulnerabilities":{"critical":0,"high":6,"medium":15,"low":13,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":2,"medium":52,"low":55,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:c9d27b2187204ebe6b990bf695f389fddc86a7a9", "digests": ["sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573"]}} {"result":"SUCCESS","timestamp":"2026-04-29T13:32:00+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clamav-scan-pod | init container: prepare 2026/04/29 13:29:53 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clamav-scan-pod | init container: place-scripts 2026/04/29 13:30:36 Decoded script /tekton/scripts/script-0-rwdwh 2026/04/29 13:30:36 Decoded script /tekton/scripts/script-1-589pj pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 1.907 sec (0 m 1 s) Start Date: 2026:04:29 13:31:22 End Date: 2026:04:29 13:31:24 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27985/Tue Apr 28 06:25:02 2026 Database version: 27985 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1777469484","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777469484","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777469484","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:c9d27b2187204ebe6b990bf695f389fddc86a7a9", "digests": ["sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573"]}} pod: gh-multi-component-parent-wvpz-on-push-zv4kx-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz Attaching to quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:c9d27b2187204ebe6b990bf695f389fddc86a7a9 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:c9d27b2187204ebe6b990bf695f389fddc86a7a9@sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 53bfa9153957 clamscan-ec-test-amd64.json Uploading 5d2fbff93b2e clamscan-result-amd64.log Uploaded 53bfa9153957 clamscan-ec-test-amd64.json Uploaded 5d2fbff93b2e clamscan-result-amd64.log Uploading 9037c70a1194 application/vnd.oci.image.manifest.v1+json Uploaded 9037c70a1194 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:c9d27b2187204ebe6b990bf695f389fddc86a7a9@sha256:fd58fc5c70fa833ee7ef8822053124ec86c26c6a295e74d06664483b21f57573 Digest: sha256:9037c70a1194626e6730af708c61a6e80ecc7ecc33d8cc1895608539c87822f9 pod: gh-multi-component-parent-wvpz-on-push-zv4kx-init-pod | init container: prepare 2026/04/29 13:23:44 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-zv4kx-init-pod | container step-init: time="2026-04-29T13:23:49Z" level=info msg="[param] enable: false" time="2026-04-29T13:23:49Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:23:49Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:23:49Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:23:49Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:23:49Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:23:49Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:23:49Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:23:49Z" level=info msg="[result] NO PROXY: " New PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b found after retrigger for component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b found for Component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun has not been created yet for the Component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun has not been created yet for the Component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-7wh6b reason: PipelineRunStopping attempt 2/3: PipelineRun "gh-multi-component-parent-wvpz-on-push-7wh6b" failed: context deadline exceededNew PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll found after retrigger for component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll found for Component build-e2e-gixz/gh-multi-component-parent-wvpz PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: ResolvingTaskRef PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Running PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: PipelineRunStopping PipelineRun gh-multi-component-parent-wvpz-on-push-gz7ll reason: Failed attempt 3/3: PipelineRun "gh-multi-component-parent-wvpz-on-push-gz7ll" failed: pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | init container: prepare 2026/04/29 13:13:46 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | container step-init: time="2026-04-29T13:13:49Z" level=info msg="[param] enable: false" time="2026-04-29T13:13:49Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:13:49Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:13:49Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:13:49Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:13:49Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:13:49Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:13:49Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:13:49Z" level=info msg="[result] NO PROXY: " pod: gh-multi-component-parent-wvpz-on-push-gz7ll-apply-tags-pod | init container: prepare 2026/04/29 14:05:20 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-apply-tags-pod | container step-apply-additional-tags: pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | init container: prepare 2026/04/29 14:05:12 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | init container: place-scripts 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-0-6nksn 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-1-s2p9b 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-2-rz7ls 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-3-62zk6 pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43. pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-04-29T14:05:31Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"}] 2026-04-29T14:05:31Z INF libvuln initialized component=libvuln/New 2026-04-29T14:05:31Z INF registered configured scanners component=libindex/New 2026-04-29T14:05:31Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-04-29T14:05:31Z INF index request start component=libindex/Libindex.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 2026-04-29T14:05:31Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 2026-04-29T14:05:31Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=CheckManifest 2026-04-29T14:05:31Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=FetchLayers 2026-04-29T14:05:32Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=FetchLayers 2026-04-29T14:05:32Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=FetchLayers 2026-04-29T14:05:32Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=ScanLayers 2026-04-29T14:05:40Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=ScanLayers 2026-04-29T14:05:40Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=IndexManifest 2026-04-29T14:05:40Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=IndexFinished 2026-04-29T14:05:40Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=IndexFinished 2026-04-29T14:05:40Z INF index request done component=libindex/Libindex.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 { "manifest_hash": "sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43", "packages": { "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+X1MdmtPTbyDb/wq7joJhA==": { "id": "+X1MdmtPTbyDb/wq7joJhA==", "name": "libtool-ltdl", "version": "2.4.6-46.el9", "kind": "binary", "source": { "id": "", "name": "libtool", "version": "2.4.6-46.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+bwl6UbMaWOBWdHNekJsEw==": { "id": "+bwl6UbMaWOBWdHNekJsEw==", "name": "coreutils-single", "version": "8.32-39.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/O7rOBo1qRMFm3q3Kf3mEw==": { "id": "/O7rOBo1qRMFm3q3Kf3mEw==", "name": "libselinux", "version": "3.6-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.6-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/h/TBQhfoSMCmey5oN87jA==": { "id": "/h/TBQhfoSMCmey5oN87jA==", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ub7EE8Da46T0x7lRdlVJg==": { "id": "/ub7EE8Da46T0x7lRdlVJg==", "name": "libsmartcols", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0T19Aon0dgLleTpQjLWzKw==": { "id": "0T19Aon0dgLleTpQjLWzKw==", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1atoBfoH0mJ0bCpetQ7/0g==": { "id": "1atoBfoH0mJ0bCpetQ7/0g==", "name": "file-libs", "version": "5.39-16.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2gCbp4kt+cF44NF/LqukDg==": { "id": "2gCbp4kt+cF44NF/LqukDg==", "name": "pcre2-syntax", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "5+tHFkkNi+1rUDSrmgYdkw==": { "id": "5+tHFkkNi+1rUDSrmgYdkw==", "name": "p11-kit-trust", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5fhQlRzIg/IB8EVM2pFIZA==": { "id": "5fhQlRzIg/IB8EVM2pFIZA==", "name": "audit-libs", "version": "3.1.5-4.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.5-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6WyRl8U3PR6ipKlxqlBzFA==": { "id": "6WyRl8U3PR6ipKlxqlBzFA==", "name": "ncurses-base", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "7cpIREEQnkaI7dbmWgmrvg==": { "id": "7cpIREEQnkaI7dbmWgmrvg==", "name": "gdbm-libs", "version": "1:1.23-1.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.23-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7mDaaxs3ev+uNEDYC97U3Q==": { "id": "7mDaaxs3ev+uNEDYC97U3Q==", "name": "zlib", "version": "1.2.11-40.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-40.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7ra56f21gLrcSpBD8a9+NQ==": { "id": "7ra56f21gLrcSpBD8a9+NQ==", "name": "libmount", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7vssDPaHKfFKMLimKBo7Gw==": { "id": "7vssDPaHKfFKMLimKBo7Gw==", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8uME+PFu6p/OAD7q+ZTVLw==": { "id": "8uME+PFu6p/OAD7q+ZTVLw==", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9olIUlLHZMdoUMju+8diyQ==": { "id": "9olIUlLHZMdoUMju+8diyQ==", "name": "filesystem", "version": "3.16-5.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BRLVvSCW1qZQlEQR2x48fQ==": { "id": "BRLVvSCW1qZQlEQR2x48fQ==", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CpfomSYboaXPZ9yn9NgGgw==": { "id": "CpfomSYboaXPZ9yn9NgGgw==", "name": "krb5-libs", "version": "1.21.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.21.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FZ9gWulzkx76xjTSH/yM/g==": { "id": "FZ9gWulzkx76xjTSH/yM/g==", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FrUQI+koTfbikRk1jsFd0w==": { "id": "FrUQI+koTfbikRk1jsFd0w==", "name": "libstdc++", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HQdWvmyUSqtI3UTY0T4JiQ==": { "id": "HQdWvmyUSqtI3UTY0T4JiQ==", "name": "pcre", "version": "8.44-4.el9", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IZ65O3ZOapykHwhaOX1/YA==": { "id": "IZ65O3ZOapykHwhaOX1/YA==", "name": "libnghttp2", "version": "1.43.0-6.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KXUGN6voGlWUMRN5TCFy4w==": { "id": "KXUGN6voGlWUMRN5TCFy4w==", "name": "systemd-libs", "version": "252-51.el9_6.2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-51.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M9YTWinowLqOqX/+8mbhjg==": { "id": "M9YTWinowLqOqX/+8mbhjg==", "name": "sqlite-libs", "version": "3.34.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O1acB+rpl9OLkk9I6phF7Q==": { "id": "O1acB+rpl9OLkk9I6phF7Q==", "name": "shadow-utils", "version": "2:4.9-12.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OCIjbR16ktOEiFK36r0WNw==": { "id": "OCIjbR16ktOEiFK36r0WNw==", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OaFmq38HlbKLTTEM/qATzg==": { "id": "OaFmq38HlbKLTTEM/qATzg==", "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ohssf0Jzlafd9vtrrUKCXg==": { "id": "Ohssf0Jzlafd9vtrrUKCXg==", "name": "bash", "version": "5.1.8-9.el9", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Om9zCJ/QZ+hnrEvj6fGw==": { "id": "P5Om9zCJ/QZ+hnrEvj6fGw==", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PIk2BBAWexCFofMi5q03RA==": { "id": "PIk2BBAWexCFofMi5q03RA==", "name": "pcre2", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PZXvGa4khHd2n6o73hJ/Pg==": { "id": "PZXvGa4khHd2n6o73hJ/Pg==", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RXh3fimX8fGZeCt4chJEiA==": { "id": "RXh3fimX8fGZeCt4chJEiA==", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S8p9UGak1oycptcpYp/1eg==": { "id": "S8p9UGak1oycptcpYp/1eg==", "name": "openldap", "version": "2.6.8-4.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.8-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SjQtW3gQmgt+Qj8JlnY4Mg==": { "id": "SjQtW3gQmgt+Qj8JlnY4Mg==", "name": "libblkid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Su8bfW9ijc0V5CiAum2V1g==": { "id": "Su8bfW9ijc0V5CiAum2V1g==", "name": "bzip2-libs", "version": "1.0.8-10.el9_5", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-10.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VX9V+Y680L2xf2tBREdpCw==": { "id": "VX9V+Y680L2xf2tBREdpCw==", "name": "gmp", "version": "1:6.2.0-13.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WtG8AvirpmNJ8wVE+fxfGQ==": { "id": "WtG8AvirpmNJ8wVE+fxfGQ==", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XG5+bW8np2NedSy/od6z8Q==": { "id": "XG5+bW8np2NedSy/od6z8Q==", "name": "libacl", "version": "2.3.1-4.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XJlS+gwEt7T+nNr/Bflqzg==": { "id": "XJlS+gwEt7T+nNr/Bflqzg==", "name": "glibc-minimal-langpack", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XMkvB1ljVS0bNTUu2UEs3g==": { "id": "XMkvB1ljVS0bNTUu2UEs3g==", "name": "libgcc", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZabCZVOpeuHGnRiGdzqBig==": { "id": "ZabCZVOpeuHGnRiGdzqBig==", "name": "openssl-fips-provider-so", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arLt5War9yeQ8auYn/Idmw==": { "id": "arLt5War9yeQ8auYn/Idmw==", "name": "nettle", "version": "3.10.1-1.el9", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.10.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ayTA+mXRKgSCRl5LaqP4/w==": { "id": "ayTA+mXRKgSCRl5LaqP4/w==", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bemGVBhbDe9iV1Kjvd9hAA==": { "id": "bemGVBhbDe9iV1Kjvd9hAA==", "name": "libffi", "version": "3.4.2-8.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bgzKs6bbeWeXxcqE+n7Jog==": { "id": "bgzKs6bbeWeXxcqE+n7Jog==", "name": "libsepol", "version": "3.6-2.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.6-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "de44cUqF23LvU0fOSvNRjA==": { "id": "de44cUqF23LvU0fOSvNRjA==", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eK3V3oi6vbIfOQRAcWBYDw==": { "id": "eK3V3oi6vbIfOQRAcWBYDw==", "name": "glibc-common", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eRa7MZyiHBvsv7GPhkGKdg==": { "id": "eRa7MZyiHBvsv7GPhkGKdg==", "name": "lua-libs", "version": "5.4.4-4.el9", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eaygsCP+5IpdIryvw94Tcw==": { "id": "eaygsCP+5IpdIryvw94Tcw==", "name": "rootfiles", "version": "8.1-34.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-34.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f8lJd/yoDqE6O0RUQGqkpQ==": { "id": "f8lJd/yoDqE6O0RUQGqkpQ==", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsKPriszRNKAqMnHK+dXgw==": { "id": "gsKPriszRNKAqMnHK+dXgw==", "name": "libksba", "version": "1.5.1-7.el9", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTD/lpKAM3AZEWh+zVx2tg==": { "id": "iTD/lpKAM3AZEWh+zVx2tg==", "name": "librepo", "version": "1.14.5-2.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iVtx1BX52G3zRfk+g/oWIg==": { "id": "iVtx1BX52G3zRfk+g/oWIg==", "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.2.2-6.el9_5.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iaJm7Mdk9UadnBII0ZwMeA==": { "id": "iaJm7Mdk9UadnBII0ZwMeA==", "name": "dnf-data", "version": "4.14.0-25.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "izPQpATHYfezyT+kcua/tQ==": { "id": "izPQpATHYfezyT+kcua/tQ==", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jAjaNW7NMGiv7HfByDu4RQ==": { "id": "jAjaNW7NMGiv7HfByDu4RQ==", "name": "alternatives", "version": "1.24-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.24-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kAEPeyZOK/FwFoG6mOFUbQ==": { "id": "kAEPeyZOK/FwFoG6mOFUbQ==", "name": "libcap", "version": "2.48-9.el9_2", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-9.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kFxhSjWy84mTZBM4XiZaeQ==": { "id": "kFxhSjWy84mTZBM4XiZaeQ==", "name": "setup", "version": "2.13.7-10.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kgbITSeRtKiT7enG8buGXw==": { "id": "kgbITSeRtKiT7enG8buGXw==", "name": "libcom_err", "version": "1.46.5-7.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kp6BaioAZ30jbVeZkkzokA==": { "id": "kp6BaioAZ30jbVeZkkzokA==", "name": "libzstd", "version": "1.5.5-1.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kvpHJLhsWpgEBJjx168pDg==": { "id": "kvpHJLhsWpgEBJjx168pDg==", "name": "tzdata", "version": "2025b-1.el9", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025b-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lI6hCbIwETVhCFhL4BxyiQ==": { "id": "lI6hCbIwETVhCFhL4BxyiQ==", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lad8JH31WlI0MsNEYhUWlA==": { "id": "lad8JH31WlI0MsNEYhUWlA==", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mDM1q1sl0PqUWEn54kTSRw==": { "id": "mDM1q1sl0PqUWEn54kTSRw==", "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzQEyt4JfkGeZIIHPiBhog==": { "id": "nzQEyt4JfkGeZIIHPiBhog==", "name": "libuuid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzlusFbkan5h1d1Ks+BKBQ==": { "id": "nzlusFbkan5h1d1Ks+BKBQ==", "name": "ncurses-libs", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pYM7mYzFYUjRrK74RyhfOw==": { "id": "pYM7mYzFYUjRrK74RyhfOw==", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rCLp3m64Catai9VuHvh3Lw==": { "id": "rCLp3m64Catai9VuHvh3Lw==", "name": "keyutils-libs", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "v3i4ez5juML2ZWwR+6dFFg==": { "id": "v3i4ez5juML2ZWwR+6dFFg==", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wCA3gMNtInqX1xg18QcnQg==": { "id": "wCA3gMNtInqX1xg18QcnQg==", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wfJGCqOH8d+IYg/dAepx1A==": { "id": "wfJGCqOH8d+IYg/dAepx1A==", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xSopjH0yPtbnx33MBmtmuA==": { "id": "xSopjH0yPtbnx33MBmtmuA==", "name": "rpm-libs", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xhMgwxa+ubXlCA6s9XfRgw==": { "id": "xhMgwxa+ubXlCA6s9XfRgw==", "name": "cyrus-sasl-lib", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yEp9fQVFIQAEDPCwC3GLmA==": { "id": "yEp9fQVFIQAEDPCwC3GLmA==", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zPvTALB8qlNtHa1j2iT5Zg==": { "id": "zPvTALB8qlNtHa1j2iT5Zg==", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "69ef4a50-29cf-446d-957a-e8b1551e6950": { "id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "92da4433-0429-4f32-b32a-32e14194a45b": { "id": "92da4433-0429-4f32-b32a-32e14194a45b", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "b3fd82fe-34cd-4835-99e9-642c3e8299b2": { "id": "b3fd82fe-34cd-4835-99e9-642c3e8299b2", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "+X1MdmtPTbyDb/wq7joJhA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "+bwl6UbMaWOBWdHNekJsEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/O7rOBo1qRMFm3q3Kf3mEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/h/TBQhfoSMCmey5oN87jA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/ub7EE8Da46T0x7lRdlVJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "0T19Aon0dgLleTpQjLWzKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "1atoBfoH0mJ0bCpetQ7/0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "2gCbp4kt+cF44NF/LqukDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "5+tHFkkNi+1rUDSrmgYdkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "5fhQlRzIg/IB8EVM2pFIZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "6WyRl8U3PR6ipKlxqlBzFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7cpIREEQnkaI7dbmWgmrvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7mDaaxs3ev+uNEDYC97U3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7ra56f21gLrcSpBD8a9+NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7vssDPaHKfFKMLimKBo7Gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "8uME+PFu6p/OAD7q+ZTVLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "9olIUlLHZMdoUMju+8diyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "BRLVvSCW1qZQlEQR2x48fQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "CpfomSYboaXPZ9yn9NgGgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "FZ9gWulzkx76xjTSH/yM/g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "FrUQI+koTfbikRk1jsFd0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "HQdWvmyUSqtI3UTY0T4JiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "IZ65O3ZOapykHwhaOX1/YA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "KXUGN6voGlWUMRN5TCFy4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "M9YTWinowLqOqX/+8mbhjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "O1acB+rpl9OLkk9I6phF7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "OCIjbR16ktOEiFK36r0WNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "OaFmq38HlbKLTTEM/qATzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "Ohssf0Jzlafd9vtrrUKCXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "PIk2BBAWexCFofMi5q03RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "PZXvGa4khHd2n6o73hJ/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "RXh3fimX8fGZeCt4chJEiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "S8p9UGak1oycptcpYp/1eg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "Su8bfW9ijc0V5CiAum2V1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "VX9V+Y680L2xf2tBREdpCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XG5+bW8np2NedSy/od6z8Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XJlS+gwEt7T+nNr/Bflqzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XMkvB1ljVS0bNTUu2UEs3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "ZabCZVOpeuHGnRiGdzqBig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "arLt5War9yeQ8auYn/Idmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "ayTA+mXRKgSCRl5LaqP4/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "bemGVBhbDe9iV1Kjvd9hAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "bgzKs6bbeWeXxcqE+n7Jog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "de44cUqF23LvU0fOSvNRjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "eK3V3oi6vbIfOQRAcWBYDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "eRa7MZyiHBvsv7GPhkGKdg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "eaygsCP+5IpdIryvw94Tcw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "f8lJd/yoDqE6O0RUQGqkpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "gsKPriszRNKAqMnHK+dXgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "iTD/lpKAM3AZEWh+zVx2tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "iVtx1BX52G3zRfk+g/oWIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "iaJm7Mdk9UadnBII0ZwMeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "izPQpATHYfezyT+kcua/tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "jAjaNW7NMGiv7HfByDu4RQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kFxhSjWy84mTZBM4XiZaeQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kgbITSeRtKiT7enG8buGXw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kp6BaioAZ30jbVeZkkzokA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kvpHJLhsWpgEBJjx168pDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "lI6hCbIwETVhCFhL4BxyiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "lad8JH31WlI0MsNEYhUWlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "mDM1q1sl0PqUWEn54kTSRw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "nzQEyt4JfkGeZIIHPiBhog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "nzlusFbkan5h1d1Ks+BKBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "pYM7mYzFYUjRrK74RyhfOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "rCLp3m64Catai9VuHvh3Lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "v3i4ez5juML2ZWwR+6dFFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "wCA3gMNtInqX1xg18QcnQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "wfJGCqOH8d+IYg/dAepx1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "xSopjH0yPtbnx33MBmtmuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "xhMgwxa+ubXlCA6s9XfRgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "yEp9fQVFIQAEDPCwC3GLmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "zPvTALB8qlNtHa1j2iT5Zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ] }, "vulnerabilities": { "+U7CyAHaY71mhNm2Xnq2uw==": { "id": "+U7CyAHaY71mhNm2Xnq2uw==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+UOyQgpOAnrWS+mVMK5k1Q==": { "id": "+UOyQgpOAnrWS+mVMK5k1Q==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "/A7M1zrsMND1dKjg2gEuyg==": { "id": "/A7M1zrsMND1dKjg2gEuyg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/jvSCV2RwJ6c/Llx9z8uvA==": { "id": "/jvSCV2RwJ6c/Llx9z8uvA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "0E1VjQWdmolR9lr9ElIZZQ==": { "id": "0E1VjQWdmolR9lr9ElIZZQ==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1/8/Mjb4nleg0SsOivHAww==": { "id": "1/8/Mjb4nleg0SsOivHAww==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "1hhG+RKT0fsxlS/Wf/LWEA==": { "id": "1hhG+RKT0fsxlS/Wf/LWEA==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "1npmxgSnoYj2MyAhQMaE7g==": { "id": "1npmxgSnoYj2MyAhQMaE7g==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3UNcgW64Eji4iyY2ZDB1cg==": { "id": "3UNcgW64Eji4iyY2ZDB1cg==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3bb0a18NQSPWO0aeq9twVw==": { "id": "3bb0a18NQSPWO0aeq9twVw==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "429KD7e1Cl6AyUZNBGOTQw==": { "id": "429KD7e1Cl6AyUZNBGOTQw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "4u3exWl+MPcCOYOgbQLM+A==": { "id": "4u3exWl+MPcCOYOgbQLM+A==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "59oEBlU3jh6EL6gtZDUaug==": { "id": "59oEBlU3jh6EL6gtZDUaug==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5BksN0izCeDRrtFMsNCyvg==": { "id": "5BksN0izCeDRrtFMsNCyvg==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5amguv6OT1njd8r+RXMCQQ==": { "id": "5amguv6OT1njd8r+RXMCQQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6rEIsdyQtCC456AuGwgsDQ==": { "id": "6rEIsdyQtCC456AuGwgsDQ==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76mWuVYhbmIFsc4DNorK9A==": { "id": "76mWuVYhbmIFsc4DNorK9A==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76z9Mpn8Jp7lhZSPsHTHug==": { "id": "76z9Mpn8Jp7lhZSPsHTHug==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "78ARTcr/iVbEbtXWNEyadA==": { "id": "78ARTcr/iVbEbtXWNEyadA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7aI+wyLEqkIPj2Wh4f1UKg==": { "id": "7aI+wyLEqkIPj2Wh4f1UKg==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7eKrcl3YwGJqhWmZNbH7Eg==": { "id": "7eKrcl3YwGJqhWmZNbH7Eg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "8MfvwX+dRI6Qt2H+x71rZg==": { "id": "8MfvwX+dRI6Qt2H+x71rZg==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZCpE1M7eqNdy615aO2gLQ==": { "id": "8ZCpE1M7eqNdy615aO2gLQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9bjl4H6CMWLL3h1g5y6i9Q==": { "id": "9bjl4H6CMWLL3h1g5y6i9Q==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9iigvnuYDaC8UzcOIDLjIQ==": { "id": "9iigvnuYDaC8UzcOIDLjIQ==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Argl342WI7oZtgSo+p9kMA==": { "id": "Argl342WI7oZtgSo+p9kMA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BheYJlsY7UG2Ru8eF1IU4g==": { "id": "BheYJlsY7UG2Ru8eF1IU4g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "D7U85Qc3CYAscEzhSfT76A==": { "id": "D7U85Qc3CYAscEzhSfT76A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DTApvRZh1HJD5XbbpU3ahw==": { "id": "DTApvRZh1HJD5XbbpU3ahw==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DrIVK8+yvV91OzF2CS9o5A==": { "id": "DrIVK8+yvV91OzF2CS9o5A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Eh3WlvVSpgyvj1kaA5So7g==": { "id": "Eh3WlvVSpgyvj1kaA5So7g==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Ez8lHT2uV9Tf9vJC/T4WXg==": { "id": "Ez8lHT2uV9Tf9vJC/T4WXg==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F4WBuBnk4OQIl1a5Q4CVPg==": { "id": "F4WBuBnk4OQIl1a5Q4CVPg==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FLpBF1y0CvCfFuXOmlaRZw==": { "id": "FLpBF1y0CvCfFuXOmlaRZw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "FQwXyPZ+oHyxQZ9RBQXbpw==": { "id": "FQwXyPZ+oHyxQZ9RBQXbpw==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GWKQvGJTKzyU9GiQECoFhg==": { "id": "GWKQvGJTKzyU9GiQECoFhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ie7rkr8oApZOM9PK2gFB6A==": { "id": "Ie7rkr8oApZOM9PK2gFB6A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IrRjtVOpf04EO7iAKFAznQ==": { "id": "IrRjtVOpf04EO7iAKFAznQ==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "Iy2V+5RC7ENxxmnS9KdBOw==": { "id": "Iy2V+5RC7ENxxmnS9KdBOw==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "JK4fCJz1Ja5lmfE/vF5PcQ==": { "id": "JK4fCJz1Ja5lmfE/vF5PcQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JqWXvYyB4T300h7KRcWtFA==": { "id": "JqWXvYyB4T300h7KRcWtFA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Jrkns8qeStFRPhcitcuZ4w==": { "id": "Jrkns8qeStFRPhcitcuZ4w==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KCgZ2MK707GRfjAO2Q3SOA==": { "id": "KCgZ2MK707GRfjAO2Q3SOA==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KMGV9rbVZ/vVUNSX6f+JqA==": { "id": "KMGV9rbVZ/vVUNSX6f+JqA==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L1pkWyFlg006sdV2pKTg4A==": { "id": "L1pkWyFlg006sdV2pKTg4A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-fips-provider", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LeWRqc+lggRL8KnG53e6CA==": { "id": "LeWRqc+lggRL8KnG53e6CA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "Lhc4n2a9ma6eRDB/RCRmLQ==": { "id": "Lhc4n2a9ma6eRDB/RCRmLQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "LuirMfnv2JkWFEU8MUuKUQ==": { "id": "LuirMfnv2JkWFEU8MUuKUQ==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LxYgcRll4fEnbCHHZWt4BA==": { "id": "LxYgcRll4fEnbCHHZWt4BA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "M293c+QguJ/aaYP3cMwfyQ==": { "id": "M293c+QguJ/aaYP3cMwfyQ==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MT27FBW6q+x91HBvTyGVKQ==": { "id": "MT27FBW6q+x91HBvTyGVKQ==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "N7otM4CJgwQwy0Mz0UA3Vw==": { "id": "N7otM4CJgwQwy0Mz0UA3Vw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "NrTzMmbWyM5UeSvnQVNLOg==": { "id": "NrTzMmbWyM5UeSvnQVNLOg==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OB9n4NdBrq+3wlcM9+90Dg==": { "id": "OB9n4NdBrq+3wlcM9+90Dg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "PUCpgzV2LGcCb5yPJbawGw==": { "id": "PUCpgzV2LGcCb5yPJbawGw==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "PrCrIesi0sSvMQjPpvxecw==": { "id": "PrCrIesi0sSvMQjPpvxecw==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q6o565VsHFcmyuOW6jCOGw==": { "id": "Q6o565VsHFcmyuOW6jCOGw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "QSP4YGVknCXnnhDrDAxftg==": { "id": "QSP4YGVknCXnnhDrDAxftg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Qbjoqw6Ot3cGOKNyQYBo4g==": { "id": "Qbjoqw6Ot3cGOKNyQYBo4g==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QskDoDnTSvrQeDXklM4YOw==": { "id": "QskDoDnTSvrQeDXklM4YOw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RHShqbO2hqcBNPYbKDg/3A==": { "id": "RHShqbO2hqcBNPYbKDg/3A==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SYSyRuW2vXdWcXLSfRP1aQ==": { "id": "SYSyRuW2vXdWcXLSfRP1aQ==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "T+jfDhqJcXwVQ38oWEz/6g==": { "id": "T+jfDhqJcXwVQ38oWEz/6g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TccjTp2Y8sTyWrjrm24IKA==": { "id": "TccjTp2Y8sTyWrjrm24IKA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TwoNniaY2Urt7TF64epJXg==": { "id": "TwoNniaY2Urt7TF64epJXg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYGbkY0i6P3tRJd9mM1wNg==": { "id": "VYGbkY0i6P3tRJd9mM1wNg==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VzbOWZs6Sa8zFH+GQEnasQ==": { "id": "VzbOWZs6Sa8zFH+GQEnasQ==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WP0Zjo/ORuC7+jbSIrru8A==": { "id": "WP0Zjo/ORuC7+jbSIrru8A==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WVv0x6iWhzRgZZTPZ190Ng==": { "id": "WVv0x6iWhzRgZZTPZ190Ng==", "updater": "rhel-vex", "name": "CVE-2026-28386", "description": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28386 https://bugzilla.redhat.com/show_bug.cgi?id=2451099 https://www.cve.org/CVERecord?id=CVE-2026-28386 https://nvd.nist.gov/vuln/detail/CVE-2026-28386 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28386.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "X7DmUVoCri5i6vdYVBBgXg==": { "id": "X7DmUVoCri5i6vdYVBBgXg==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XdzUGUJMTsfPfs79OXKU4Q==": { "id": "XdzUGUJMTsfPfs79OXKU4Q==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "YIlv6HIDfGqvZL/MDTWWpg==": { "id": "YIlv6HIDfGqvZL/MDTWWpg==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YX2rGofSXHBcNhTOGpNkAA==": { "id": "YX2rGofSXHBcNhTOGpNkAA==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "YtNpM5pykErH+UBXZABWdg==": { "id": "YtNpM5pykErH+UBXZABWdg==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aOUfuyvyyWEe7Z1IZT+fGw==": { "id": "aOUfuyvyyWEe7Z1IZT+fGw==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bOC69k4Gpn8Av1w/ra2Tdw==": { "id": "bOC69k4Gpn8Av1w/ra2Tdw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bgJs7DKkcMwNTsh9yTDgQg==": { "id": "bgJs7DKkcMwNTsh9yTDgQg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bjyLMZdYnkrpUxDySiQ34Q==": { "id": "bjyLMZdYnkrpUxDySiQ34Q==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bugTfOdgCaATW4vTnuXTSQ==": { "id": "bugTfOdgCaATW4vTnuXTSQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d/522T+B/ARMNSG+3QfAWA==": { "id": "d/522T+B/ARMNSG+3QfAWA==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e/EuZlSZUQTHCSl8kHuFag==": { "id": "e/EuZlSZUQTHCSl8kHuFag==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "e0/Fzu8wfMZp9zX32i9rMQ==": { "id": "e0/Fzu8wfMZp9zX32i9rMQ==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eUh0vSDVmqXTnsB7jL0b4g==": { "id": "eUh0vSDVmqXTnsB7jL0b4g==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "f6oGdnhZomBa/bs3snB3kA==": { "id": "f6oGdnhZomBa/bs3snB3kA==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "fFM0zIKtKuexRqlZMkzQpg==": { "id": "fFM0zIKtKuexRqlZMkzQpg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "g6ZHihkpvpkr3oZoVOs05w==": { "id": "g6ZHihkpvpkr3oZoVOs05w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "hHDtCxiuvJ9VSCSwnEG0Fw==": { "id": "hHDtCxiuvJ9VSCSwnEG0Fw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-6.el9_7.1", "arch_op": "pattern match" }, "iF/o4aDbQf1DAw7R+LiVQw==": { "id": "iF/o4aDbQf1DAw7R+LiVQw==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ija3h8P09PxwjEuLSUS2HA==": { "id": "ija3h8P09PxwjEuLSUS2HA==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixD2h349uZz3eCy55KxIlw==": { "id": "ixD2h349uZz3eCy55KxIlw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j/vFtwZCr4ow5q2VPKgR9g==": { "id": "j/vFtwZCr4ow5q2VPKgR9g==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klH60uFrR0WkawaSlcOEKg==": { "id": "klH60uFrR0WkawaSlcOEKg==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l1pK1ezh6e0g8I+Dp2iK7w==": { "id": "l1pK1ezh6e0g8I+Dp2iK7w==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "l6IrI73Pg+lrisEtcgX+0Q==": { "id": "l6IrI73Pg+lrisEtcgX+0Q==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lQBARBTddFvexevUD04GZA==": { "id": "lQBARBTddFvexevUD04GZA==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lppk3oI+Rm/KVCEYBGVKcg==": { "id": "lppk3oI+Rm/KVCEYBGVKcg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mJw+LvAbCoVMIOZXCXNFpg==": { "id": "mJw+LvAbCoVMIOZXCXNFpg==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mYgwcPpa/l0bTZdysqbplg==": { "id": "mYgwcPpa/l0bTZdysqbplg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "mZCCwO//htsOIXazj/SeOw==": { "id": "mZCCwO//htsOIXazj/SeOw==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ncqqUTuMttuUZ8SF9/Ywrg==": { "id": "ncqqUTuMttuUZ8SF9/Ywrg==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFIYjZJeFnLAVC7lR0n6oQ==": { "id": "qFIYjZJeFnLAVC7lR0n6oQ==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rz/CPeG1fPitayrSa0BFxQ==": { "id": "rz/CPeG1fPitayrSa0BFxQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "sJNoOKrtqJYf9M2tWcTlqg==": { "id": "sJNoOKrtqJYf9M2tWcTlqg==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "smB1yCGhBb8gDhPAER7odg==": { "id": "smB1yCGhBb8gDhPAER7odg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "svCt47J2Zwa45xj8gn3U/w==": { "id": "svCt47J2Zwa45xj8gn3U/w==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sykv+pGN4TXggZNIwL/H4g==": { "id": "sykv+pGN4TXggZNIwL/H4g==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u0cs09LPRVEEfen4PHM6gA==": { "id": "u0cs09LPRVEEfen4PHM6gA==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u90uEyQ6vxfKeIQvjGNTHQ==": { "id": "u90uEyQ6vxfKeIQvjGNTHQ==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "uWz4SaM79VpO4EPAy+0C8g==": { "id": "uWz4SaM79VpO4EPAy+0C8g==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uaetuJImncB6wudykQLpEA==": { "id": "uaetuJImncB6wudykQLpEA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uu3d3lIlYVCZwOjqoNec3g==": { "id": "uu3d3lIlYVCZwOjqoNec3g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "vQmd/px1n2vUjUceHOjVLA==": { "id": "vQmd/px1n2vUjUceHOjVLA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vtpIIEEoAREfzDi0+K26Fg==": { "id": "vtpIIEEoAREfzDi0+K26Fg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y/3qWQj3xOUQpm2CUr+ftg==": { "id": "y/3qWQj3xOUQpm2CUr+ftg==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "y7I268PAr74OoToX85XE8w==": { "id": "y7I268PAr74OoToX85XE8w==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "yUucg71orzE08FiDgaKBPQ==": { "id": "yUucg71orzE08FiDgaKBPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "ymKqobod4xPivmLT/iq9oQ==": { "id": "ymKqobod4xPivmLT/iq9oQ==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yzZzF1vLZmeTiLJMgY7W0Q==": { "id": "yzZzF1vLZmeTiLJMgY7W0Q==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "z/beWyrkyrQJfgGCkMIsWg==": { "id": "z/beWyrkyrQJfgGCkMIsWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "zmNQpHydwXFAJmLcFFYiyQ==": { "id": "zmNQpHydwXFAJmLcFFYiyQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "znnZtQrOfSxqGV/OZKzI5g==": { "id": "znnZtQrOfSxqGV/OZKzI5g==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "zqGJegkbTlVqcHBa6HtRTQ==": { "id": "zqGJegkbTlVqcHBa6HtRTQ==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+bwl6UbMaWOBWdHNekJsEw==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "/L1kFEoHZTukrNTCQLypFQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "/ub7EE8Da46T0x7lRdlVJg==": [ "z/beWyrkyrQJfgGCkMIsWg==", "T+jfDhqJcXwVQ38oWEz/6g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "2gCbp4kt+cF44NF/LqukDg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "6WyRl8U3PR6ipKlxqlBzFA==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "7mDaaxs3ev+uNEDYC97U3Q==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "7ra56f21gLrcSpBD8a9+NQ==": [ "BheYJlsY7UG2Ru8eF1IU4g==", "TccjTp2Y8sTyWrjrm24IKA==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "CpfomSYboaXPZ9yn9NgGgw==": [ "7aI+wyLEqkIPj2Wh4f1UKg==", "lppk3oI+Rm/KVCEYBGVKcg==" ], "FZ9gWulzkx76xjTSH/yM/g==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "FrUQI+koTfbikRk1jsFd0w==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "IZ65O3ZOapykHwhaOX1/YA==": [ "hHDtCxiuvJ9VSCSwnEG0Fw==" ], "KXUGN6voGlWUMRN5TCFy4w==": [ "QSP4YGVknCXnnhDrDAxftg==", "DrIVK8+yvV91OzF2CS9o5A==", "QskDoDnTSvrQeDXklM4YOw==", "vQmd/px1n2vUjUceHOjVLA==" ], "M9YTWinowLqOqX/+8mbhjg==": [ "LeWRqc+lggRL8KnG53e6CA==", "g6ZHihkpvpkr3oZoVOs05w==", "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==" ], "O1acB+rpl9OLkk9I6phF7Q==": [ "WxO9le6q4ACTs4KnSuckDw==" ], "OCIjbR16ktOEiFK36r0WNw==": [ "LuirMfnv2JkWFEU8MUuKUQ==" ], "OaFmq38HlbKLTTEM/qATzg==": [ "rz/CPeG1fPitayrSa0BFxQ==", "l1pK1ezh6e0g8I+Dp2iK7w==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==" ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ "ymKqobod4xPivmLT/iq9oQ==" ], "PIk2BBAWexCFofMi5q03RA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "S8p9UGak1oycptcpYp/1eg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ "bgJs7DKkcMwNTsh9yTDgQg==", "uu3d3lIlYVCZwOjqoNec3g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ "FLpBF1y0CvCfFuXOmlaRZw==", "AwYRRq6SmgfJLn2NZxQUdw==", "qFIYjZJeFnLAVC7lR0n6oQ==", "RHShqbO2hqcBNPYbKDg/3A==", "8kndQj/aRn+NNJdGVP9v4g==", "DTApvRZh1HJD5XbbpU3ahw==", "jiVVTQmOtKqVixv7agF/Hg==", "u0cs09LPRVEEfen4PHM6gA==", "F4WBuBnk4OQIl1a5Q4CVPg==", "8ZCpE1M7eqNdy615aO2gLQ==", "mYgwcPpa/l0bTZdysqbplg==" ], "XJlS+gwEt7T+nNr/Bflqzg==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "XMkvB1ljVS0bNTUu2UEs3g==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "ZabCZVOpeuHGnRiGdzqBig==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "ayTA+mXRKgSCRl5LaqP4/w==": [ "JqWXvYyB4T300h7KRcWtFA==", "klH60uFrR0WkawaSlcOEKg==", "VYGbkY0i6P3tRJd9mM1wNg==", "PrCrIesi0sSvMQjPpvxecw==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "e0VfCD1REapdkagkByCnXQ==", "svCt47J2Zwa45xj8gn3U/w==", "ixc06f0H9vqMfsbwQSwwvA==", "yzZzF1vLZmeTiLJMgY7W0Q==", "NrTzMmbWyM5UeSvnQVNLOg==", "Eh3WlvVSpgyvj1kaA5So7g==" ], "eK3V3oi6vbIfOQRAcWBYDw==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "iVtx1BX52G3zRfk+g/oWIg==": [ "78ARTcr/iVbEbtXWNEyadA==", "7eKrcl3YwGJqhWmZNbH7Eg==", "KCgZ2MK707GRfjAO2Q3SOA==", "Q6o565VsHFcmyuOW6jCOGw==", "fFM0zIKtKuexRqlZMkzQpg==", "3bb0a18NQSPWO0aeq9twVw==", "WP0Zjo/ORuC7+jbSIrru8A==", "Argl342WI7oZtgSo+p9kMA==", "ncqqUTuMttuUZ8SF9/Ywrg==", "u90uEyQ6vxfKeIQvjGNTHQ==", "429KD7e1Cl6AyUZNBGOTQw==", "OB9n4NdBrq+3wlcM9+90Dg==", "JK4fCJz1Ja5lmfE/vF5PcQ==", "D7U85Qc3CYAscEzhSfT76A==", "e/EuZlSZUQTHCSl8kHuFag==", "+U7CyAHaY71mhNm2Xnq2uw==", "y7I268PAr74OoToX85XE8w==", "bjyLMZdYnkrpUxDySiQ34Q==", "4u3exWl+MPcCOYOgbQLM+A==", "ixD2h349uZz3eCy55KxIlw==", "j/vFtwZCr4ow5q2VPKgR9g==", "/jvSCV2RwJ6c/Llx9z8uvA==", "Jrkns8qeStFRPhcitcuZ4w==", "yUucg71orzE08FiDgaKBPQ==", "GWKQvGJTKzyU9GiQECoFhg==", "5amguv6OT1njd8r+RXMCQQ==", "2TDjlt2gAEWsLyBBPigFYw==", "WVv0x6iWhzRgZZTPZ190Ng==", "M293c+QguJ/aaYP3cMwfyQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "0E1VjQWdmolR9lr9ElIZZQ==", "6hAQW3vY9ZA/8datv1rY4g==", "TwoNniaY2Urt7TF64epJXg==", "mZCCwO//htsOIXazj/SeOw==", "YtNpM5pykErH+UBXZABWdg==", "5BksN0izCeDRrtFMsNCyvg==" ], "izPQpATHYfezyT+kcua/tQ==": [ "1/8/Mjb4nleg0SsOivHAww==", "XdzUGUJMTsfPfs79OXKU4Q==", "y/3qWQj3xOUQpm2CUr+ftg==", "f6oGdnhZomBa/bs3snB3kA==" ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ "VzbOWZs6Sa8zFH+GQEnasQ==" ], "lad8JH31WlI0MsNEYhUWlA==": [ "Iy2V+5RC7ENxxmnS9KdBOw==", "SYSyRuW2vXdWcXLSfRP1aQ==", "1hhG+RKT0fsxlS/Wf/LWEA==", "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==", "IrRjtVOpf04EO7iAKFAznQ==", "sJNoOKrtqJYf9M2tWcTlqg==", "+UOyQgpOAnrWS+mVMK5k1Q==" ], "mDM1q1sl0PqUWEn54kTSRw==": [ "N7otM4CJgwQwy0Mz0UA3Vw==", "Lhc4n2a9ma6eRDB/RCRmLQ==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==" ], "nzQEyt4JfkGeZIIHPiBhog==": [ "zmNQpHydwXFAJmLcFFYiyQ==", "bOC69k4Gpn8Av1w/ra2Tdw==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "nzlusFbkan5h1d1Ks+BKBQ==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "v3i4ez5juML2ZWwR+6dFFg==": [ "PUCpgzV2LGcCb5yPJbawGw==", "AUiFITCnRjRxctzqqbDeeA==", "9iigvnuYDaC8UzcOIDLjIQ==", "iF/o4aDbQf1DAw7R+LiVQw==", "GAn7gWUe2pFr7PbwechqxA==", "76z9Mpn8Jp7lhZSPsHTHug==" ], "wfJGCqOH8d+IYg/dAepx1A==": [ "vtpIIEEoAREfzDi0+K26Fg==", "eUh0vSDVmqXTnsB7jL0b4g==", "znnZtQrOfSxqGV/OZKzI5g==", "uaetuJImncB6wudykQLpEA==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "mJw+LvAbCoVMIOZXCXNFpg==", "76mWuVYhbmIFsc4DNorK9A==", "lQBARBTddFvexevUD04GZA==", "sykv+pGN4TXggZNIwL/H4g==", "Kqq2xlybjD/tOLmQWu2xPw==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "YX2rGofSXHBcNhTOGpNkAA==", "LxYgcRll4fEnbCHHZWt4BA==", "KMGV9rbVZ/vVUNSX6f+JqA==" ] }, "enrichments": {} } pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: gnupg2-2.3.3-4.el9 (CVE-2025-68973), sqlite-libs-3.34.1-8.el9_6 (CVE-2025-6965), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15467), libnghttp2-1.43.0-6.el9 (CVE-2026-27135), libarchive-3.5.3-6.el9_6 (CVE-2026-4111, CVE-2026-4424)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 6 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libcap-2.48-9.el9_2 (CVE-2026-4878), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40356)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2025-9714), libblkid-2.37.4-21.el9 (CVE-2025-14104), glibc-2.34-168.el9_6.23 (CVE-2026-0915), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), libmount-2.37.4-21.el9 (CVE-2025-14104), glib2-2.68.4-16.el9_6.2 (CVE-2025-13601), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), libarchive-3.5.3-6.el9_6 (CVE-2026-5121), systemd-libs-252-51.el9_6.2 (CVE-2025-4598), gnutls-3.8.3-6.el9_6.2 (CVE-2025-14831), libsmartcols-2.37.4-21.el9 (CVE-2025-14104), libuuid-2.37.4-21.el9 (CVE-2025-14104)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 15 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), openldap-2.6.8-4.el9 (CVE-2026-22185), libblkid-2.37.4-21.el9 (CVE-2026-27456), coreutils-single-8.32-39.el9 (CVE-2025-5278), gnupg2-2.3.3-4.el9 (CVE-2025-68972), glibc-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), glibc-common-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2026-28386, CVE-2026-28390, CVE-2026-31790), libmount-2.37.4-21.el9 (CVE-2026-27456), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40355), glib2-2.68.4-16.el9_6.2 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), libarchive-3.5.3-6.el9_6 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), systemd-libs-252-51.el9_6.2 (CVE-2026-29111, CVE-2026-4105), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libsmartcols-2.37.4-21.el9 (CVE-2026-27456), xz-libs-5.2.5-8.el9_0 (CVE-2026-34743), libuuid-2.37.4-21.el9 (CVE-2026-27456)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 52 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-2.34-168.el9_6.23 (CVE-2025-15281, CVE-2026-0861), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), shadow-utils-2:4.9-12.el9 (CVE-2024-56433), gnutls-3.8.3-6.el9_6.2 (CVE-2025-9820)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 13 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), gnupg2-2.3.3-4.el9 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), glibc-2.34-168.el9_6.23 (CVE-2026-4438), ncurses-base-6.2-10.20210508.el9_6.2 (CVE-2023-50495), libstdc++-11.5.0-5.el9_5 (CVE-2022-27943), sqlite-libs-3.34.1-8.el9_6 (CVE-2024-0232, CVE-2025-70873), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), glibc-common-2.34-168.el9_6.23 (CVE-2026-4438), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), libtasn1-4.16.0-9.el9 (CVE-2025-13151), glib2-2.68.4-16.el9_6.2 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), curl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), libarchive-3.5.3-6.el9_6 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), pcre2-syntax-10.40-6.el9 (CVE-2022-41409), ncurses-libs-6.2-10.20210508.el9_6.2 (CVE-2023-50495), pcre2-10.40-6.el9 (CVE-2022-41409), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4438), openssl-fips-provider-3.0.7-6.el9_5 (CVE-2026-2673), openssl-fips-provider-so-3.0.7-6.el9_5 (CVE-2026-2673), gawk-5.1.0-6.el9 (CVE-2023-4156), libgcrypt-1.10.0-11.el9 (CVE-2026-41990), zlib-1.2.11-40.el9 (CVE-2026-27171), libgcc-11.5.0-5.el9_5 (CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 55 } } ] } ] {"vulnerabilities":{"critical":0,"high":6,"medium":15,"low":13,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":2,"medium":52,"low":55,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50", "digests": ["sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43"]}} {"result":"SUCCESS","timestamp":"2026-04-29T14:05:52+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | init container: prepare 2026/04/29 14:05:14 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | init container: place-scripts 2026/04/29 14:05:17 Decoded script /tekton/scripts/script-0-fxfph 2026/04/29 14:05:17 Decoded script /tekton/scripts/script-1-rnlf4 pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | container step-extract-and-scan-image: /start-clamd.sh: fork: retry: Resource temporarily unavailable Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 1.926 sec (0 m 1 s) Start Date: 2026:04:29 14:05:43 End Date: 2026:04:29 14:05:45 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27985/Tue Apr 28 06:25:02 2026 Database version: 27985 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1777471545","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777471545","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777471545","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50", "digests": ["sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43"]}} pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz Attaching to quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 1466d95e09f9 clamscan-ec-test-amd64.json Uploading b4cdd1a167a2 clamscan-result-amd64.log Uploaded 1466d95e09f9 clamscan-ec-test-amd64.json Uploaded b4cdd1a167a2 clamscan-result-amd64.log Uploading d25ee3ffc7d2 application/vnd.oci.image.manifest.v1+json Uploaded d25ee3ffc7d2 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 Digest: sha256:d25ee3ffc7d28b258286a7f4c25488252e522d858b1a9eace8800fd6b6336c05 pod: gh-multi-component-parent-wvpz-on-push-gz7ll-init-pod | init container: prepare 2026/04/29 14:03:16 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-init-pod | container step-init: time="2026-04-29T14:03:19Z" level=info msg="[param] enable: false" time="2026-04-29T14:03:19Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T14:03:19Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T14:03:19Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T14:03:19Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T14:03:19Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T14:03:19Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T14:03:19Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T14:03:19Z" level=info msg="[result] NO PROXY: " [FAILED] in [It] - /workspace/source/test/e2e/renovate.go:403 @ 04/29/26 14:06:13.45 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc00075d2a0>: pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | init container: prepare 2026/04/29 13:13:46 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | container step-init: time="2026-04-29T13:13:49Z" level=info msg="[param] enable: false" time="2026-04-29T13:13:49Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:13:49Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:13:49Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:13:49Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:13:49Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:13:49Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:13:49Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:13:49Z" level=info msg="[result] NO PROXY: " pod: gh-multi-component-parent-wvpz-on-push-gz7ll-apply-tags-pod | init container: prepare 2026/04/29 14:05:20 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-apply-tags-pod | container step-apply-additional-tags: pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | init container: prepare 2026/04/29 14:05:12 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | init container: place-scripts 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-0-6nksn 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-1-s2p9b 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-2-rz7ls 2026/04/29 14:05:14 Decoded script /tekton/scripts/script-3-62zk6 pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43. pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-04-29T14:05:31Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"}] 2026-04-29T14:05:31Z INF libvuln initialized component=libvuln/New 2026-04-29T14:05:31Z INF registered configured scanners component=libindex/New 2026-04-29T14:05:31Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-04-29T14:05:31Z INF index request start component=libindex/Libindex.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 2026-04-29T14:05:31Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 2026-04-29T14:05:31Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=CheckManifest 2026-04-29T14:05:31Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=FetchLayers 2026-04-29T14:05:32Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=FetchLayers 2026-04-29T14:05:32Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=FetchLayers 2026-04-29T14:05:32Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=ScanLayers 2026-04-29T14:05:40Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=ScanLayers 2026-04-29T14:05:40Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=IndexManifest 2026-04-29T14:05:40Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=IndexFinished 2026-04-29T14:05:40Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 state=IndexFinished 2026-04-29T14:05:40Z INF index request done component=libindex/Libindex.Index manifest=sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 { "manifest_hash": "sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43", "packages": { "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+X1MdmtPTbyDb/wq7joJhA==": { "id": "+X1MdmtPTbyDb/wq7joJhA==", "name": "libtool-ltdl", "version": "2.4.6-46.el9", "kind": "binary", "source": { "id": "", "name": "libtool", "version": "2.4.6-46.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+bwl6UbMaWOBWdHNekJsEw==": { "id": "+bwl6UbMaWOBWdHNekJsEw==", "name": "coreutils-single", "version": "8.32-39.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/O7rOBo1qRMFm3q3Kf3mEw==": { "id": "/O7rOBo1qRMFm3q3Kf3mEw==", "name": "libselinux", "version": "3.6-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.6-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/h/TBQhfoSMCmey5oN87jA==": { "id": "/h/TBQhfoSMCmey5oN87jA==", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ub7EE8Da46T0x7lRdlVJg==": { "id": "/ub7EE8Da46T0x7lRdlVJg==", "name": "libsmartcols", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0T19Aon0dgLleTpQjLWzKw==": { "id": "0T19Aon0dgLleTpQjLWzKw==", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1atoBfoH0mJ0bCpetQ7/0g==": { "id": "1atoBfoH0mJ0bCpetQ7/0g==", "name": "file-libs", "version": "5.39-16.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2gCbp4kt+cF44NF/LqukDg==": { "id": "2gCbp4kt+cF44NF/LqukDg==", "name": "pcre2-syntax", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "5+tHFkkNi+1rUDSrmgYdkw==": { "id": "5+tHFkkNi+1rUDSrmgYdkw==", "name": "p11-kit-trust", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5fhQlRzIg/IB8EVM2pFIZA==": { "id": "5fhQlRzIg/IB8EVM2pFIZA==", "name": "audit-libs", "version": "3.1.5-4.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.5-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6WyRl8U3PR6ipKlxqlBzFA==": { "id": "6WyRl8U3PR6ipKlxqlBzFA==", "name": "ncurses-base", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "7cpIREEQnkaI7dbmWgmrvg==": { "id": "7cpIREEQnkaI7dbmWgmrvg==", "name": "gdbm-libs", "version": "1:1.23-1.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.23-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7mDaaxs3ev+uNEDYC97U3Q==": { "id": "7mDaaxs3ev+uNEDYC97U3Q==", "name": "zlib", "version": "1.2.11-40.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-40.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7ra56f21gLrcSpBD8a9+NQ==": { "id": "7ra56f21gLrcSpBD8a9+NQ==", "name": "libmount", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7vssDPaHKfFKMLimKBo7Gw==": { "id": "7vssDPaHKfFKMLimKBo7Gw==", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8uME+PFu6p/OAD7q+ZTVLw==": { "id": "8uME+PFu6p/OAD7q+ZTVLw==", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9olIUlLHZMdoUMju+8diyQ==": { "id": "9olIUlLHZMdoUMju+8diyQ==", "name": "filesystem", "version": "3.16-5.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BRLVvSCW1qZQlEQR2x48fQ==": { "id": "BRLVvSCW1qZQlEQR2x48fQ==", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CpfomSYboaXPZ9yn9NgGgw==": { "id": "CpfomSYboaXPZ9yn9NgGgw==", "name": "krb5-libs", "version": "1.21.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.21.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FZ9gWulzkx76xjTSH/yM/g==": { "id": "FZ9gWulzkx76xjTSH/yM/g==", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FrUQI+koTfbikRk1jsFd0w==": { "id": "FrUQI+koTfbikRk1jsFd0w==", "name": "libstdc++", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HQdWvmyUSqtI3UTY0T4JiQ==": { "id": "HQdWvmyUSqtI3UTY0T4JiQ==", "name": "pcre", "version": "8.44-4.el9", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IZ65O3ZOapykHwhaOX1/YA==": { "id": "IZ65O3ZOapykHwhaOX1/YA==", "name": "libnghttp2", "version": "1.43.0-6.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KXUGN6voGlWUMRN5TCFy4w==": { "id": "KXUGN6voGlWUMRN5TCFy4w==", "name": "systemd-libs", "version": "252-51.el9_6.2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-51.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M9YTWinowLqOqX/+8mbhjg==": { "id": "M9YTWinowLqOqX/+8mbhjg==", "name": "sqlite-libs", "version": "3.34.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O1acB+rpl9OLkk9I6phF7Q==": { "id": "O1acB+rpl9OLkk9I6phF7Q==", "name": "shadow-utils", "version": "2:4.9-12.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OCIjbR16ktOEiFK36r0WNw==": { "id": "OCIjbR16ktOEiFK36r0WNw==", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OaFmq38HlbKLTTEM/qATzg==": { "id": "OaFmq38HlbKLTTEM/qATzg==", "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ohssf0Jzlafd9vtrrUKCXg==": { "id": "Ohssf0Jzlafd9vtrrUKCXg==", "name": "bash", "version": "5.1.8-9.el9", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Om9zCJ/QZ+hnrEvj6fGw==": { "id": "P5Om9zCJ/QZ+hnrEvj6fGw==", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PIk2BBAWexCFofMi5q03RA==": { "id": "PIk2BBAWexCFofMi5q03RA==", "name": "pcre2", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PZXvGa4khHd2n6o73hJ/Pg==": { "id": "PZXvGa4khHd2n6o73hJ/Pg==", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RXh3fimX8fGZeCt4chJEiA==": { "id": "RXh3fimX8fGZeCt4chJEiA==", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S8p9UGak1oycptcpYp/1eg==": { "id": "S8p9UGak1oycptcpYp/1eg==", "name": "openldap", "version": "2.6.8-4.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.8-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SjQtW3gQmgt+Qj8JlnY4Mg==": { "id": "SjQtW3gQmgt+Qj8JlnY4Mg==", "name": "libblkid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Su8bfW9ijc0V5CiAum2V1g==": { "id": "Su8bfW9ijc0V5CiAum2V1g==", "name": "bzip2-libs", "version": "1.0.8-10.el9_5", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-10.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VX9V+Y680L2xf2tBREdpCw==": { "id": "VX9V+Y680L2xf2tBREdpCw==", "name": "gmp", "version": "1:6.2.0-13.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WtG8AvirpmNJ8wVE+fxfGQ==": { "id": "WtG8AvirpmNJ8wVE+fxfGQ==", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XG5+bW8np2NedSy/od6z8Q==": { "id": "XG5+bW8np2NedSy/od6z8Q==", "name": "libacl", "version": "2.3.1-4.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XJlS+gwEt7T+nNr/Bflqzg==": { "id": "XJlS+gwEt7T+nNr/Bflqzg==", "name": "glibc-minimal-langpack", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XMkvB1ljVS0bNTUu2UEs3g==": { "id": "XMkvB1ljVS0bNTUu2UEs3g==", "name": "libgcc", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZabCZVOpeuHGnRiGdzqBig==": { "id": "ZabCZVOpeuHGnRiGdzqBig==", "name": "openssl-fips-provider-so", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arLt5War9yeQ8auYn/Idmw==": { "id": "arLt5War9yeQ8auYn/Idmw==", "name": "nettle", "version": "3.10.1-1.el9", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.10.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ayTA+mXRKgSCRl5LaqP4/w==": { "id": "ayTA+mXRKgSCRl5LaqP4/w==", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bemGVBhbDe9iV1Kjvd9hAA==": { "id": "bemGVBhbDe9iV1Kjvd9hAA==", "name": "libffi", "version": "3.4.2-8.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bgzKs6bbeWeXxcqE+n7Jog==": { "id": "bgzKs6bbeWeXxcqE+n7Jog==", "name": "libsepol", "version": "3.6-2.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.6-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "de44cUqF23LvU0fOSvNRjA==": { "id": "de44cUqF23LvU0fOSvNRjA==", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eK3V3oi6vbIfOQRAcWBYDw==": { "id": "eK3V3oi6vbIfOQRAcWBYDw==", "name": "glibc-common", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eRa7MZyiHBvsv7GPhkGKdg==": { "id": "eRa7MZyiHBvsv7GPhkGKdg==", "name": "lua-libs", "version": "5.4.4-4.el9", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eaygsCP+5IpdIryvw94Tcw==": { "id": "eaygsCP+5IpdIryvw94Tcw==", "name": "rootfiles", "version": "8.1-34.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-34.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f8lJd/yoDqE6O0RUQGqkpQ==": { "id": "f8lJd/yoDqE6O0RUQGqkpQ==", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsKPriszRNKAqMnHK+dXgw==": { "id": "gsKPriszRNKAqMnHK+dXgw==", "name": "libksba", "version": "1.5.1-7.el9", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTD/lpKAM3AZEWh+zVx2tg==": { "id": "iTD/lpKAM3AZEWh+zVx2tg==", "name": "librepo", "version": "1.14.5-2.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iVtx1BX52G3zRfk+g/oWIg==": { "id": "iVtx1BX52G3zRfk+g/oWIg==", "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.2.2-6.el9_5.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iaJm7Mdk9UadnBII0ZwMeA==": { "id": "iaJm7Mdk9UadnBII0ZwMeA==", "name": "dnf-data", "version": "4.14.0-25.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "izPQpATHYfezyT+kcua/tQ==": { "id": "izPQpATHYfezyT+kcua/tQ==", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jAjaNW7NMGiv7HfByDu4RQ==": { "id": "jAjaNW7NMGiv7HfByDu4RQ==", "name": "alternatives", "version": "1.24-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.24-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kAEPeyZOK/FwFoG6mOFUbQ==": { "id": "kAEPeyZOK/FwFoG6mOFUbQ==", "name": "libcap", "version": "2.48-9.el9_2", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-9.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kFxhSjWy84mTZBM4XiZaeQ==": { "id": "kFxhSjWy84mTZBM4XiZaeQ==", "name": "setup", "version": "2.13.7-10.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kgbITSeRtKiT7enG8buGXw==": { "id": "kgbITSeRtKiT7enG8buGXw==", "name": "libcom_err", "version": "1.46.5-7.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kp6BaioAZ30jbVeZkkzokA==": { "id": "kp6BaioAZ30jbVeZkkzokA==", "name": "libzstd", "version": "1.5.5-1.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kvpHJLhsWpgEBJjx168pDg==": { "id": "kvpHJLhsWpgEBJjx168pDg==", "name": "tzdata", "version": "2025b-1.el9", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025b-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lI6hCbIwETVhCFhL4BxyiQ==": { "id": "lI6hCbIwETVhCFhL4BxyiQ==", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lad8JH31WlI0MsNEYhUWlA==": { "id": "lad8JH31WlI0MsNEYhUWlA==", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mDM1q1sl0PqUWEn54kTSRw==": { "id": "mDM1q1sl0PqUWEn54kTSRw==", "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzQEyt4JfkGeZIIHPiBhog==": { "id": "nzQEyt4JfkGeZIIHPiBhog==", "name": "libuuid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzlusFbkan5h1d1Ks+BKBQ==": { "id": "nzlusFbkan5h1d1Ks+BKBQ==", "name": "ncurses-libs", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pYM7mYzFYUjRrK74RyhfOw==": { "id": "pYM7mYzFYUjRrK74RyhfOw==", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rCLp3m64Catai9VuHvh3Lw==": { "id": "rCLp3m64Catai9VuHvh3Lw==", "name": "keyutils-libs", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "v3i4ez5juML2ZWwR+6dFFg==": { "id": "v3i4ez5juML2ZWwR+6dFFg==", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wCA3gMNtInqX1xg18QcnQg==": { "id": "wCA3gMNtInqX1xg18QcnQg==", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wfJGCqOH8d+IYg/dAepx1A==": { "id": "wfJGCqOH8d+IYg/dAepx1A==", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xSopjH0yPtbnx33MBmtmuA==": { "id": "xSopjH0yPtbnx33MBmtmuA==", "name": "rpm-libs", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xhMgwxa+ubXlCA6s9XfRgw==": { "id": "xhMgwxa+ubXlCA6s9XfRgw==", "name": "cyrus-sasl-lib", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yEp9fQVFIQAEDPCwC3GLmA==": { "id": "yEp9fQVFIQAEDPCwC3GLmA==", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zPvTALB8qlNtHa1j2iT5Zg==": { "id": "zPvTALB8qlNtHa1j2iT5Zg==", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "69ef4a50-29cf-446d-957a-e8b1551e6950": { "id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "92da4433-0429-4f32-b32a-32e14194a45b": { "id": "92da4433-0429-4f32-b32a-32e14194a45b", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "b3fd82fe-34cd-4835-99e9-642c3e8299b2": { "id": "b3fd82fe-34cd-4835-99e9-642c3e8299b2", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "+X1MdmtPTbyDb/wq7joJhA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "+bwl6UbMaWOBWdHNekJsEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/O7rOBo1qRMFm3q3Kf3mEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/h/TBQhfoSMCmey5oN87jA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "/ub7EE8Da46T0x7lRdlVJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "0T19Aon0dgLleTpQjLWzKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "1atoBfoH0mJ0bCpetQ7/0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "2gCbp4kt+cF44NF/LqukDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "5+tHFkkNi+1rUDSrmgYdkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "5fhQlRzIg/IB8EVM2pFIZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "6WyRl8U3PR6ipKlxqlBzFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7cpIREEQnkaI7dbmWgmrvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7mDaaxs3ev+uNEDYC97U3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7ra56f21gLrcSpBD8a9+NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "7vssDPaHKfFKMLimKBo7Gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "8uME+PFu6p/OAD7q+ZTVLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "9olIUlLHZMdoUMju+8diyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "BRLVvSCW1qZQlEQR2x48fQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "CpfomSYboaXPZ9yn9NgGgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "FZ9gWulzkx76xjTSH/yM/g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "FrUQI+koTfbikRk1jsFd0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "HQdWvmyUSqtI3UTY0T4JiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "IZ65O3ZOapykHwhaOX1/YA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "KXUGN6voGlWUMRN5TCFy4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "M9YTWinowLqOqX/+8mbhjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "O1acB+rpl9OLkk9I6phF7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "OCIjbR16ktOEiFK36r0WNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "OaFmq38HlbKLTTEM/qATzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "Ohssf0Jzlafd9vtrrUKCXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "PIk2BBAWexCFofMi5q03RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "PZXvGa4khHd2n6o73hJ/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "RXh3fimX8fGZeCt4chJEiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "S8p9UGak1oycptcpYp/1eg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "Su8bfW9ijc0V5CiAum2V1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "VX9V+Y680L2xf2tBREdpCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XG5+bW8np2NedSy/od6z8Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XJlS+gwEt7T+nNr/Bflqzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XMkvB1ljVS0bNTUu2UEs3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "ZabCZVOpeuHGnRiGdzqBig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "arLt5War9yeQ8auYn/Idmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "ayTA+mXRKgSCRl5LaqP4/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "bemGVBhbDe9iV1Kjvd9hAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "bgzKs6bbeWeXxcqE+n7Jog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "de44cUqF23LvU0fOSvNRjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "eK3V3oi6vbIfOQRAcWBYDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "eRa7MZyiHBvsv7GPhkGKdg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "eaygsCP+5IpdIryvw94Tcw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "f8lJd/yoDqE6O0RUQGqkpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "gsKPriszRNKAqMnHK+dXgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "iTD/lpKAM3AZEWh+zVx2tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "iVtx1BX52G3zRfk+g/oWIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "iaJm7Mdk9UadnBII0ZwMeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "izPQpATHYfezyT+kcua/tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "jAjaNW7NMGiv7HfByDu4RQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kFxhSjWy84mTZBM4XiZaeQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kgbITSeRtKiT7enG8buGXw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kp6BaioAZ30jbVeZkkzokA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "kvpHJLhsWpgEBJjx168pDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "lI6hCbIwETVhCFhL4BxyiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "lad8JH31WlI0MsNEYhUWlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "mDM1q1sl0PqUWEn54kTSRw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "nzQEyt4JfkGeZIIHPiBhog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "nzlusFbkan5h1d1Ks+BKBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "pYM7mYzFYUjRrK74RyhfOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "rCLp3m64Catai9VuHvh3Lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "v3i4ez5juML2ZWwR+6dFFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "wCA3gMNtInqX1xg18QcnQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "wfJGCqOH8d+IYg/dAepx1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "xSopjH0yPtbnx33MBmtmuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "xhMgwxa+ubXlCA6s9XfRgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "yEp9fQVFIQAEDPCwC3GLmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ], "zPvTALB8qlNtHa1j2iT5Zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "69ef4a50-29cf-446d-957a-e8b1551e6950", "repository_ids": [ "92da4433-0429-4f32-b32a-32e14194a45b", "b3fd82fe-34cd-4835-99e9-642c3e8299b2" ] } ] }, "vulnerabilities": { "+U7CyAHaY71mhNm2Xnq2uw==": { "id": "+U7CyAHaY71mhNm2Xnq2uw==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+UOyQgpOAnrWS+mVMK5k1Q==": { "id": "+UOyQgpOAnrWS+mVMK5k1Q==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "/A7M1zrsMND1dKjg2gEuyg==": { "id": "/A7M1zrsMND1dKjg2gEuyg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/jvSCV2RwJ6c/Llx9z8uvA==": { "id": "/jvSCV2RwJ6c/Llx9z8uvA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "0E1VjQWdmolR9lr9ElIZZQ==": { "id": "0E1VjQWdmolR9lr9ElIZZQ==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1/8/Mjb4nleg0SsOivHAww==": { "id": "1/8/Mjb4nleg0SsOivHAww==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "1hhG+RKT0fsxlS/Wf/LWEA==": { "id": "1hhG+RKT0fsxlS/Wf/LWEA==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "1npmxgSnoYj2MyAhQMaE7g==": { "id": "1npmxgSnoYj2MyAhQMaE7g==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3UNcgW64Eji4iyY2ZDB1cg==": { "id": "3UNcgW64Eji4iyY2ZDB1cg==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3bb0a18NQSPWO0aeq9twVw==": { "id": "3bb0a18NQSPWO0aeq9twVw==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "429KD7e1Cl6AyUZNBGOTQw==": { "id": "429KD7e1Cl6AyUZNBGOTQw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "4u3exWl+MPcCOYOgbQLM+A==": { "id": "4u3exWl+MPcCOYOgbQLM+A==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "59oEBlU3jh6EL6gtZDUaug==": { "id": "59oEBlU3jh6EL6gtZDUaug==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5BksN0izCeDRrtFMsNCyvg==": { "id": "5BksN0izCeDRrtFMsNCyvg==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5amguv6OT1njd8r+RXMCQQ==": { "id": "5amguv6OT1njd8r+RXMCQQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6rEIsdyQtCC456AuGwgsDQ==": { "id": "6rEIsdyQtCC456AuGwgsDQ==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76mWuVYhbmIFsc4DNorK9A==": { "id": "76mWuVYhbmIFsc4DNorK9A==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76z9Mpn8Jp7lhZSPsHTHug==": { "id": "76z9Mpn8Jp7lhZSPsHTHug==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "78ARTcr/iVbEbtXWNEyadA==": { "id": "78ARTcr/iVbEbtXWNEyadA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7aI+wyLEqkIPj2Wh4f1UKg==": { "id": "7aI+wyLEqkIPj2Wh4f1UKg==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7eKrcl3YwGJqhWmZNbH7Eg==": { "id": "7eKrcl3YwGJqhWmZNbH7Eg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "8MfvwX+dRI6Qt2H+x71rZg==": { "id": "8MfvwX+dRI6Qt2H+x71rZg==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZCpE1M7eqNdy615aO2gLQ==": { "id": "8ZCpE1M7eqNdy615aO2gLQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9bjl4H6CMWLL3h1g5y6i9Q==": { "id": "9bjl4H6CMWLL3h1g5y6i9Q==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9iigvnuYDaC8UzcOIDLjIQ==": { "id": "9iigvnuYDaC8UzcOIDLjIQ==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Argl342WI7oZtgSo+p9kMA==": { "id": "Argl342WI7oZtgSo+p9kMA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BheYJlsY7UG2Ru8eF1IU4g==": { "id": "BheYJlsY7UG2Ru8eF1IU4g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "D7U85Qc3CYAscEzhSfT76A==": { "id": "D7U85Qc3CYAscEzhSfT76A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DTApvRZh1HJD5XbbpU3ahw==": { "id": "DTApvRZh1HJD5XbbpU3ahw==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DrIVK8+yvV91OzF2CS9o5A==": { "id": "DrIVK8+yvV91OzF2CS9o5A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Eh3WlvVSpgyvj1kaA5So7g==": { "id": "Eh3WlvVSpgyvj1kaA5So7g==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Ez8lHT2uV9Tf9vJC/T4WXg==": { "id": "Ez8lHT2uV9Tf9vJC/T4WXg==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F4WBuBnk4OQIl1a5Q4CVPg==": { "id": "F4WBuBnk4OQIl1a5Q4CVPg==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FLpBF1y0CvCfFuXOmlaRZw==": { "id": "FLpBF1y0CvCfFuXOmlaRZw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "FQwXyPZ+oHyxQZ9RBQXbpw==": { "id": "FQwXyPZ+oHyxQZ9RBQXbpw==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GWKQvGJTKzyU9GiQECoFhg==": { "id": "GWKQvGJTKzyU9GiQECoFhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ie7rkr8oApZOM9PK2gFB6A==": { "id": "Ie7rkr8oApZOM9PK2gFB6A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IrRjtVOpf04EO7iAKFAznQ==": { "id": "IrRjtVOpf04EO7iAKFAznQ==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "Iy2V+5RC7ENxxmnS9KdBOw==": { "id": "Iy2V+5RC7ENxxmnS9KdBOw==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "JK4fCJz1Ja5lmfE/vF5PcQ==": { "id": "JK4fCJz1Ja5lmfE/vF5PcQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JqWXvYyB4T300h7KRcWtFA==": { "id": "JqWXvYyB4T300h7KRcWtFA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Jrkns8qeStFRPhcitcuZ4w==": { "id": "Jrkns8qeStFRPhcitcuZ4w==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KCgZ2MK707GRfjAO2Q3SOA==": { "id": "KCgZ2MK707GRfjAO2Q3SOA==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KMGV9rbVZ/vVUNSX6f+JqA==": { "id": "KMGV9rbVZ/vVUNSX6f+JqA==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L1pkWyFlg006sdV2pKTg4A==": { "id": "L1pkWyFlg006sdV2pKTg4A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-fips-provider", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LeWRqc+lggRL8KnG53e6CA==": { "id": "LeWRqc+lggRL8KnG53e6CA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "Lhc4n2a9ma6eRDB/RCRmLQ==": { "id": "Lhc4n2a9ma6eRDB/RCRmLQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "LuirMfnv2JkWFEU8MUuKUQ==": { "id": "LuirMfnv2JkWFEU8MUuKUQ==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LxYgcRll4fEnbCHHZWt4BA==": { "id": "LxYgcRll4fEnbCHHZWt4BA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "M293c+QguJ/aaYP3cMwfyQ==": { "id": "M293c+QguJ/aaYP3cMwfyQ==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MT27FBW6q+x91HBvTyGVKQ==": { "id": "MT27FBW6q+x91HBvTyGVKQ==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "N7otM4CJgwQwy0Mz0UA3Vw==": { "id": "N7otM4CJgwQwy0Mz0UA3Vw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "NrTzMmbWyM5UeSvnQVNLOg==": { "id": "NrTzMmbWyM5UeSvnQVNLOg==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OB9n4NdBrq+3wlcM9+90Dg==": { "id": "OB9n4NdBrq+3wlcM9+90Dg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "PUCpgzV2LGcCb5yPJbawGw==": { "id": "PUCpgzV2LGcCb5yPJbawGw==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "PrCrIesi0sSvMQjPpvxecw==": { "id": "PrCrIesi0sSvMQjPpvxecw==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q6o565VsHFcmyuOW6jCOGw==": { "id": "Q6o565VsHFcmyuOW6jCOGw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "QSP4YGVknCXnnhDrDAxftg==": { "id": "QSP4YGVknCXnnhDrDAxftg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Qbjoqw6Ot3cGOKNyQYBo4g==": { "id": "Qbjoqw6Ot3cGOKNyQYBo4g==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QskDoDnTSvrQeDXklM4YOw==": { "id": "QskDoDnTSvrQeDXklM4YOw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RHShqbO2hqcBNPYbKDg/3A==": { "id": "RHShqbO2hqcBNPYbKDg/3A==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SYSyRuW2vXdWcXLSfRP1aQ==": { "id": "SYSyRuW2vXdWcXLSfRP1aQ==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "T+jfDhqJcXwVQ38oWEz/6g==": { "id": "T+jfDhqJcXwVQ38oWEz/6g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TccjTp2Y8sTyWrjrm24IKA==": { "id": "TccjTp2Y8sTyWrjrm24IKA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TwoNniaY2Urt7TF64epJXg==": { "id": "TwoNniaY2Urt7TF64epJXg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYGbkY0i6P3tRJd9mM1wNg==": { "id": "VYGbkY0i6P3tRJd9mM1wNg==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VzbOWZs6Sa8zFH+GQEnasQ==": { "id": "VzbOWZs6Sa8zFH+GQEnasQ==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WP0Zjo/ORuC7+jbSIrru8A==": { "id": "WP0Zjo/ORuC7+jbSIrru8A==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "WVv0x6iWhzRgZZTPZ190Ng==": { "id": "WVv0x6iWhzRgZZTPZ190Ng==", "updater": "rhel-vex", "name": "CVE-2026-28386", "description": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28386 https://bugzilla.redhat.com/show_bug.cgi?id=2451099 https://www.cve.org/CVERecord?id=CVE-2026-28386 https://nvd.nist.gov/vuln/detail/CVE-2026-28386 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28386.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "X7DmUVoCri5i6vdYVBBgXg==": { "id": "X7DmUVoCri5i6vdYVBBgXg==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XdzUGUJMTsfPfs79OXKU4Q==": { "id": "XdzUGUJMTsfPfs79OXKU4Q==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "YIlv6HIDfGqvZL/MDTWWpg==": { "id": "YIlv6HIDfGqvZL/MDTWWpg==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YX2rGofSXHBcNhTOGpNkAA==": { "id": "YX2rGofSXHBcNhTOGpNkAA==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "YtNpM5pykErH+UBXZABWdg==": { "id": "YtNpM5pykErH+UBXZABWdg==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aOUfuyvyyWEe7Z1IZT+fGw==": { "id": "aOUfuyvyyWEe7Z1IZT+fGw==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bOC69k4Gpn8Av1w/ra2Tdw==": { "id": "bOC69k4Gpn8Av1w/ra2Tdw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bgJs7DKkcMwNTsh9yTDgQg==": { "id": "bgJs7DKkcMwNTsh9yTDgQg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bjyLMZdYnkrpUxDySiQ34Q==": { "id": "bjyLMZdYnkrpUxDySiQ34Q==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bugTfOdgCaATW4vTnuXTSQ==": { "id": "bugTfOdgCaATW4vTnuXTSQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d/522T+B/ARMNSG+3QfAWA==": { "id": "d/522T+B/ARMNSG+3QfAWA==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e/EuZlSZUQTHCSl8kHuFag==": { "id": "e/EuZlSZUQTHCSl8kHuFag==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "e0/Fzu8wfMZp9zX32i9rMQ==": { "id": "e0/Fzu8wfMZp9zX32i9rMQ==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eUh0vSDVmqXTnsB7jL0b4g==": { "id": "eUh0vSDVmqXTnsB7jL0b4g==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "f6oGdnhZomBa/bs3snB3kA==": { "id": "f6oGdnhZomBa/bs3snB3kA==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "fFM0zIKtKuexRqlZMkzQpg==": { "id": "fFM0zIKtKuexRqlZMkzQpg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "g6ZHihkpvpkr3oZoVOs05w==": { "id": "g6ZHihkpvpkr3oZoVOs05w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "hHDtCxiuvJ9VSCSwnEG0Fw==": { "id": "hHDtCxiuvJ9VSCSwnEG0Fw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-6.el9_7.1", "arch_op": "pattern match" }, "iF/o4aDbQf1DAw7R+LiVQw==": { "id": "iF/o4aDbQf1DAw7R+LiVQw==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ija3h8P09PxwjEuLSUS2HA==": { "id": "ija3h8P09PxwjEuLSUS2HA==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixD2h349uZz3eCy55KxIlw==": { "id": "ixD2h349uZz3eCy55KxIlw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j/vFtwZCr4ow5q2VPKgR9g==": { "id": "j/vFtwZCr4ow5q2VPKgR9g==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klH60uFrR0WkawaSlcOEKg==": { "id": "klH60uFrR0WkawaSlcOEKg==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l1pK1ezh6e0g8I+Dp2iK7w==": { "id": "l1pK1ezh6e0g8I+Dp2iK7w==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "l6IrI73Pg+lrisEtcgX+0Q==": { "id": "l6IrI73Pg+lrisEtcgX+0Q==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lQBARBTddFvexevUD04GZA==": { "id": "lQBARBTddFvexevUD04GZA==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lppk3oI+Rm/KVCEYBGVKcg==": { "id": "lppk3oI+Rm/KVCEYBGVKcg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mJw+LvAbCoVMIOZXCXNFpg==": { "id": "mJw+LvAbCoVMIOZXCXNFpg==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mYgwcPpa/l0bTZdysqbplg==": { "id": "mYgwcPpa/l0bTZdysqbplg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "mZCCwO//htsOIXazj/SeOw==": { "id": "mZCCwO//htsOIXazj/SeOw==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ncqqUTuMttuUZ8SF9/Ywrg==": { "id": "ncqqUTuMttuUZ8SF9/Ywrg==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFIYjZJeFnLAVC7lR0n6oQ==": { "id": "qFIYjZJeFnLAVC7lR0n6oQ==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rz/CPeG1fPitayrSa0BFxQ==": { "id": "rz/CPeG1fPitayrSa0BFxQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "sJNoOKrtqJYf9M2tWcTlqg==": { "id": "sJNoOKrtqJYf9M2tWcTlqg==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "smB1yCGhBb8gDhPAER7odg==": { "id": "smB1yCGhBb8gDhPAER7odg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "svCt47J2Zwa45xj8gn3U/w==": { "id": "svCt47J2Zwa45xj8gn3U/w==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sykv+pGN4TXggZNIwL/H4g==": { "id": "sykv+pGN4TXggZNIwL/H4g==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u0cs09LPRVEEfen4PHM6gA==": { "id": "u0cs09LPRVEEfen4PHM6gA==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u90uEyQ6vxfKeIQvjGNTHQ==": { "id": "u90uEyQ6vxfKeIQvjGNTHQ==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "uWz4SaM79VpO4EPAy+0C8g==": { "id": "uWz4SaM79VpO4EPAy+0C8g==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uaetuJImncB6wudykQLpEA==": { "id": "uaetuJImncB6wudykQLpEA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uu3d3lIlYVCZwOjqoNec3g==": { "id": "uu3d3lIlYVCZwOjqoNec3g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "vQmd/px1n2vUjUceHOjVLA==": { "id": "vQmd/px1n2vUjUceHOjVLA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vtpIIEEoAREfzDi0+K26Fg==": { "id": "vtpIIEEoAREfzDi0+K26Fg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y/3qWQj3xOUQpm2CUr+ftg==": { "id": "y/3qWQj3xOUQpm2CUr+ftg==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "y7I268PAr74OoToX85XE8w==": { "id": "y7I268PAr74OoToX85XE8w==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "yUucg71orzE08FiDgaKBPQ==": { "id": "yUucg71orzE08FiDgaKBPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "ymKqobod4xPivmLT/iq9oQ==": { "id": "ymKqobod4xPivmLT/iq9oQ==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yzZzF1vLZmeTiLJMgY7W0Q==": { "id": "yzZzF1vLZmeTiLJMgY7W0Q==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "z/beWyrkyrQJfgGCkMIsWg==": { "id": "z/beWyrkyrQJfgGCkMIsWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "zmNQpHydwXFAJmLcFFYiyQ==": { "id": "zmNQpHydwXFAJmLcFFYiyQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "znnZtQrOfSxqGV/OZKzI5g==": { "id": "znnZtQrOfSxqGV/OZKzI5g==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "zqGJegkbTlVqcHBa6HtRTQ==": { "id": "zqGJegkbTlVqcHBa6HtRTQ==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+bwl6UbMaWOBWdHNekJsEw==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "/L1kFEoHZTukrNTCQLypFQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "/ub7EE8Da46T0x7lRdlVJg==": [ "z/beWyrkyrQJfgGCkMIsWg==", "T+jfDhqJcXwVQ38oWEz/6g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "2gCbp4kt+cF44NF/LqukDg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "6WyRl8U3PR6ipKlxqlBzFA==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "7mDaaxs3ev+uNEDYC97U3Q==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "7ra56f21gLrcSpBD8a9+NQ==": [ "BheYJlsY7UG2Ru8eF1IU4g==", "TccjTp2Y8sTyWrjrm24IKA==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "CpfomSYboaXPZ9yn9NgGgw==": [ "7aI+wyLEqkIPj2Wh4f1UKg==", "lppk3oI+Rm/KVCEYBGVKcg==" ], "FZ9gWulzkx76xjTSH/yM/g==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "FrUQI+koTfbikRk1jsFd0w==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "IZ65O3ZOapykHwhaOX1/YA==": [ "hHDtCxiuvJ9VSCSwnEG0Fw==" ], "KXUGN6voGlWUMRN5TCFy4w==": [ "QSP4YGVknCXnnhDrDAxftg==", "DrIVK8+yvV91OzF2CS9o5A==", "QskDoDnTSvrQeDXklM4YOw==", "vQmd/px1n2vUjUceHOjVLA==" ], "M9YTWinowLqOqX/+8mbhjg==": [ "LeWRqc+lggRL8KnG53e6CA==", "g6ZHihkpvpkr3oZoVOs05w==", "bugTfOdgCaATW4vTnuXTSQ==", "HxI42iSjURjRki+uV6q/9w==" ], "O1acB+rpl9OLkk9I6phF7Q==": [ "WxO9le6q4ACTs4KnSuckDw==" ], "OCIjbR16ktOEiFK36r0WNw==": [ "LuirMfnv2JkWFEU8MUuKUQ==" ], "OaFmq38HlbKLTTEM/qATzg==": [ "rz/CPeG1fPitayrSa0BFxQ==", "l1pK1ezh6e0g8I+Dp2iK7w==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==" ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ "ymKqobod4xPivmLT/iq9oQ==" ], "PIk2BBAWexCFofMi5q03RA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "S8p9UGak1oycptcpYp/1eg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ "bgJs7DKkcMwNTsh9yTDgQg==", "uu3d3lIlYVCZwOjqoNec3g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ "FLpBF1y0CvCfFuXOmlaRZw==", "AwYRRq6SmgfJLn2NZxQUdw==", "qFIYjZJeFnLAVC7lR0n6oQ==", "RHShqbO2hqcBNPYbKDg/3A==", "8kndQj/aRn+NNJdGVP9v4g==", "DTApvRZh1HJD5XbbpU3ahw==", "jiVVTQmOtKqVixv7agF/Hg==", "u0cs09LPRVEEfen4PHM6gA==", "F4WBuBnk4OQIl1a5Q4CVPg==", "8ZCpE1M7eqNdy615aO2gLQ==", "mYgwcPpa/l0bTZdysqbplg==" ], "XJlS+gwEt7T+nNr/Bflqzg==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "XMkvB1ljVS0bNTUu2UEs3g==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "ZabCZVOpeuHGnRiGdzqBig==": [ "L1pkWyFlg006sdV2pKTg4A==" ], "ayTA+mXRKgSCRl5LaqP4/w==": [ "JqWXvYyB4T300h7KRcWtFA==", "klH60uFrR0WkawaSlcOEKg==", "VYGbkY0i6P3tRJd9mM1wNg==", "PrCrIesi0sSvMQjPpvxecw==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "e0VfCD1REapdkagkByCnXQ==", "svCt47J2Zwa45xj8gn3U/w==", "ixc06f0H9vqMfsbwQSwwvA==", "yzZzF1vLZmeTiLJMgY7W0Q==", "NrTzMmbWyM5UeSvnQVNLOg==", "Eh3WlvVSpgyvj1kaA5So7g==" ], "eK3V3oi6vbIfOQRAcWBYDw==": [ "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==" ], "iVtx1BX52G3zRfk+g/oWIg==": [ "78ARTcr/iVbEbtXWNEyadA==", "7eKrcl3YwGJqhWmZNbH7Eg==", "KCgZ2MK707GRfjAO2Q3SOA==", "Q6o565VsHFcmyuOW6jCOGw==", "fFM0zIKtKuexRqlZMkzQpg==", "3bb0a18NQSPWO0aeq9twVw==", "WP0Zjo/ORuC7+jbSIrru8A==", "Argl342WI7oZtgSo+p9kMA==", "ncqqUTuMttuUZ8SF9/Ywrg==", "u90uEyQ6vxfKeIQvjGNTHQ==", "429KD7e1Cl6AyUZNBGOTQw==", "OB9n4NdBrq+3wlcM9+90Dg==", "JK4fCJz1Ja5lmfE/vF5PcQ==", "D7U85Qc3CYAscEzhSfT76A==", "e/EuZlSZUQTHCSl8kHuFag==", "+U7CyAHaY71mhNm2Xnq2uw==", "y7I268PAr74OoToX85XE8w==", "bjyLMZdYnkrpUxDySiQ34Q==", "4u3exWl+MPcCOYOgbQLM+A==", "ixD2h349uZz3eCy55KxIlw==", "j/vFtwZCr4ow5q2VPKgR9g==", "/jvSCV2RwJ6c/Llx9z8uvA==", "Jrkns8qeStFRPhcitcuZ4w==", "yUucg71orzE08FiDgaKBPQ==", "GWKQvGJTKzyU9GiQECoFhg==", "5amguv6OT1njd8r+RXMCQQ==", "2TDjlt2gAEWsLyBBPigFYw==", "WVv0x6iWhzRgZZTPZ190Ng==", "M293c+QguJ/aaYP3cMwfyQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "0E1VjQWdmolR9lr9ElIZZQ==", "6hAQW3vY9ZA/8datv1rY4g==", "TwoNniaY2Urt7TF64epJXg==", "mZCCwO//htsOIXazj/SeOw==", "YtNpM5pykErH+UBXZABWdg==", "5BksN0izCeDRrtFMsNCyvg==" ], "izPQpATHYfezyT+kcua/tQ==": [ "1/8/Mjb4nleg0SsOivHAww==", "XdzUGUJMTsfPfs79OXKU4Q==", "y/3qWQj3xOUQpm2CUr+ftg==", "f6oGdnhZomBa/bs3snB3kA==" ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ "VzbOWZs6Sa8zFH+GQEnasQ==" ], "lad8JH31WlI0MsNEYhUWlA==": [ "Iy2V+5RC7ENxxmnS9KdBOw==", "SYSyRuW2vXdWcXLSfRP1aQ==", "1hhG+RKT0fsxlS/Wf/LWEA==", "uWz4SaM79VpO4EPAy+0C8g==", "/A7M1zrsMND1dKjg2gEuyg==", "ija3h8P09PxwjEuLSUS2HA==", "59oEBlU3jh6EL6gtZDUaug==", "9bjl4H6CMWLL3h1g5y6i9Q==", "MT27FBW6q+x91HBvTyGVKQ==", "IrRjtVOpf04EO7iAKFAznQ==", "sJNoOKrtqJYf9M2tWcTlqg==", "+UOyQgpOAnrWS+mVMK5k1Q==" ], "mDM1q1sl0PqUWEn54kTSRw==": [ "N7otM4CJgwQwy0Mz0UA3Vw==", "Lhc4n2a9ma6eRDB/RCRmLQ==", "6rEIsdyQtCC456AuGwgsDQ==", "8MfvwX+dRI6Qt2H+x71rZg==", "oqSc7q4k6wTno/u9knscCQ==", "zqGJegkbTlVqcHBa6HtRTQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "smB1yCGhBb8gDhPAER7odg==", "l6IrI73Pg+lrisEtcgX+0Q==", "YIlv6HIDfGqvZL/MDTWWpg==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "X7DmUVoCri5i6vdYVBBgXg==", "a9FllBAJiFi5FeYl0KG4aQ==", "3UNcgW64Eji4iyY2ZDB1cg==" ], "nzQEyt4JfkGeZIIHPiBhog==": [ "zmNQpHydwXFAJmLcFFYiyQ==", "bOC69k4Gpn8Av1w/ra2Tdw==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "nzlusFbkan5h1d1Ks+BKBQ==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "v3i4ez5juML2ZWwR+6dFFg==": [ "PUCpgzV2LGcCb5yPJbawGw==", "AUiFITCnRjRxctzqqbDeeA==", "9iigvnuYDaC8UzcOIDLjIQ==", "iF/o4aDbQf1DAw7R+LiVQw==", "GAn7gWUe2pFr7PbwechqxA==", "76z9Mpn8Jp7lhZSPsHTHug==" ], "wfJGCqOH8d+IYg/dAepx1A==": [ "vtpIIEEoAREfzDi0+K26Fg==", "eUh0vSDVmqXTnsB7jL0b4g==", "znnZtQrOfSxqGV/OZKzI5g==", "uaetuJImncB6wudykQLpEA==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "mJw+LvAbCoVMIOZXCXNFpg==", "76mWuVYhbmIFsc4DNorK9A==", "lQBARBTddFvexevUD04GZA==", "sykv+pGN4TXggZNIwL/H4g==", "Kqq2xlybjD/tOLmQWu2xPw==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "YX2rGofSXHBcNhTOGpNkAA==", "LxYgcRll4fEnbCHHZWt4BA==", "KMGV9rbVZ/vVUNSX6f+JqA==" ] }, "enrichments": {} } pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: gnupg2-2.3.3-4.el9 (CVE-2025-68973), sqlite-libs-3.34.1-8.el9_6 (CVE-2025-6965), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15467), libnghttp2-1.43.0-6.el9 (CVE-2026-27135), libarchive-3.5.3-6.el9_6 (CVE-2026-4111, CVE-2026-4424)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 6 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libcap-2.48-9.el9_2 (CVE-2026-4878), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40356)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2025-9714), libblkid-2.37.4-21.el9 (CVE-2025-14104), glibc-2.34-168.el9_6.23 (CVE-2026-0915), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), libmount-2.37.4-21.el9 (CVE-2025-14104), glib2-2.68.4-16.el9_6.2 (CVE-2025-13601), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), libarchive-3.5.3-6.el9_6 (CVE-2026-5121), systemd-libs-252-51.el9_6.2 (CVE-2025-4598), gnutls-3.8.3-6.el9_6.2 (CVE-2025-14831), libsmartcols-2.37.4-21.el9 (CVE-2025-14104), libuuid-2.37.4-21.el9 (CVE-2025-14104)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 15 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), openldap-2.6.8-4.el9 (CVE-2026-22185), libblkid-2.37.4-21.el9 (CVE-2026-27456), coreutils-single-8.32-39.el9 (CVE-2025-5278), gnupg2-2.3.3-4.el9 (CVE-2025-68972), glibc-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), glibc-common-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2026-28386, CVE-2026-28390, CVE-2026-31790), libmount-2.37.4-21.el9 (CVE-2026-27456), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40355), glib2-2.68.4-16.el9_6.2 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805), libarchive-3.5.3-6.el9_6 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), systemd-libs-252-51.el9_6.2 (CVE-2026-29111, CVE-2026-4105), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libsmartcols-2.37.4-21.el9 (CVE-2026-27456), xz-libs-5.2.5-8.el9_0 (CVE-2026-34743), libuuid-2.37.4-21.el9 (CVE-2026-27456)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 52 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-2.34-168.el9_6.23 (CVE-2025-15281, CVE-2026-0861), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), shadow-utils-2:4.9-12.el9 (CVE-2024-56433), gnutls-3.8.3-6.el9_6.2 (CVE-2025-9820)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 13 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.13-12.el9_6 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), gnupg2-2.3.3-4.el9 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), glibc-2.34-168.el9_6.23 (CVE-2026-4438), ncurses-base-6.2-10.20210508.el9_6.2 (CVE-2023-50495), libstdc++-11.5.0-5.el9_5 (CVE-2022-27943), sqlite-libs-3.34.1-8.el9_6 (CVE-2024-0232, CVE-2025-70873), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), glibc-common-2.34-168.el9_6.23 (CVE-2026-4438), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), libtasn1-4.16.0-9.el9 (CVE-2025-13151), glib2-2.68.4-16.el9_6.2 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), curl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224), libarchive-3.5.3-6.el9_6 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), pcre2-syntax-10.40-6.el9 (CVE-2022-41409), ncurses-libs-6.2-10.20210508.el9_6.2 (CVE-2023-50495), pcre2-10.40-6.el9 (CVE-2022-41409), glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4438), openssl-fips-provider-3.0.7-6.el9_5 (CVE-2026-2673), openssl-fips-provider-so-3.0.7-6.el9_5 (CVE-2026-2673), gawk-5.1.0-6.el9 (CVE-2023-4156), libgcrypt-1.10.0-11.el9 (CVE-2026-41990), zlib-1.2.11-40.el9 (CVE-2026-27171), libgcc-11.5.0-5.el9_5 (CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 55 } } ] } ] {"vulnerabilities":{"critical":0,"high":6,"medium":15,"low":13,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":2,"medium":52,"low":55,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50", "digests": ["sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43"]}} {"result":"SUCCESS","timestamp":"2026-04-29T14:05:52+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | init container: prepare 2026/04/29 14:05:14 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | init container: place-scripts 2026/04/29 14:05:17 Decoded script /tekton/scripts/script-0-fxfph 2026/04/29 14:05:17 Decoded script /tekton/scripts/script-1-rnlf4 pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | container step-extract-and-scan-image: /start-clamd.sh: fork: retry: Resource temporarily unavailable Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 1.926 sec (0 m 1 s) Start Date: 2026:04:29 14:05:43 End Date: 2026:04:29 14:05:45 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27985/Tue Apr 28 06:25:02 2026 Database version: 27985 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1777471545","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777471545","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1777471545","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50", "digests": ["sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43"]}} pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz Attaching to quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 1466d95e09f9 clamscan-ec-test-amd64.json Uploading b4cdd1a167a2 clamscan-result-amd64.log Uploaded 1466d95e09f9 clamscan-ec-test-amd64.json Uploaded b4cdd1a167a2 clamscan-result-amd64.log Uploading d25ee3ffc7d2 application/vnd.oci.image.manifest.v1+json Uploaded d25ee3ffc7d2 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz:eea6207da83b5377451aaa84b74706c18a9ace50@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43 Digest: sha256:d25ee3ffc7d28b258286a7f4c25488252e522d858b1a9eace8800fd6b6336c05 pod: gh-multi-component-parent-wvpz-on-push-gz7ll-init-pod | init container: prepare 2026/04/29 14:03:16 Entrypoint initialization pod: gh-multi-component-parent-wvpz-on-push-gz7ll-init-pod | container step-init: time="2026-04-29T14:03:19Z" level=info msg="[param] enable: false" time="2026-04-29T14:03:19Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T14:03:19Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T14:03:19Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T14:03:19Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T14:03:19Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T14:03:19Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T14:03:19Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T14:03:19Z" level=info msg="[result] NO PROXY: " { s: "\n pod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | init container: prepare\n2026/04/29 13:13:46 Entrypoint initialization\n\npod: gh-multi-component-parent-wvpz-on-pull-request-r88jd-init-pod | container step-init: \ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"Cache proxy is disabled via param\"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-29T13:13:49Z\" level=info msg=\"[result] NO PROXY: \"\n\n pod: gh-multi-component-parent-wvpz-on-push-gz7ll-apply-tags-pod | init container: prepare\n2026/04/29 14:05:20 Entrypoint initialization\n\npod: gh-multi-component-parent-wvpz-on-push-gz7ll-apply-tags-pod | container step-apply-additional-tags: \n\n pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | init container: prepare\n2026/04/29 14:05:12 Entrypoint initialization\n\n pod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | init container: place-scripts\n2026/04/29 14:05:14 Decoded script /tekton/scripts/script-0-6nksn\n2026/04/29 14:05:14 Decoded script /tekton/scripts/script-1-s2p9b\n2026/04/29 14:05:14 Decoded script /tekton/scripts/script-2-rz7ls\n2026/04/29 14:05:14 Decoded script /tekton/scripts/script-3-62zk6\n\npod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-get-image-manifests: \nInspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-gixz/gh-multi-component-parent-wvpz@sha256:77b2ace2efe08815e93a0009d239bf85a6ec6e44141bd2e99613bfaead6f5e43.\n\npod: gh-multi-component-parent-wvpz-on-push-gz7ll-clair-scan-pod | container step-get-vulnerabilities: \nRunning clair-action on amd64 image manifest...\n\x1b[90m2026-04-29T14:05:31Z\x1b[0m \x1b[32mINF\x1b[0m \x1b[1mmatchers created\x1b[0m \x1b[36mcomponent=\x1b[0mlibvuln/New \x1b[36mmatchers=\x1b[0m[{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/suse\",\"name\":\"suse\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/ubuntu\",\"name\":\"ubuntu-matcher\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/java\",\"name\":\"java-maven\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/rhel\",\"name\":\"rhel\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/ruby\",\"name\":\"ruby-gem\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/debian\",\"name\":\"debian-matcher\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/gobin\",\"name\":\"gobin\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/photon\",\"name\":\"photon\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/python\",\"name\":\"python\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/alpine\",\"name\":\"alpine-matcher\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/aws\",\"name\":\"aws-matcher\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/oracle\",\"name\":\"oracle\"},{\"docs\":\"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc\",\"name\":\"rhel-container-matcher\"}]\n\x1b[90m2026-04-29T14:05:31Z\x1b[0m \x1b[32mINF\x1b[0m \x1b[1mlibvuln initialized\x1b[0m \x1b[36mcomponent=\x1b[0mlibvuln/New\n\x1b[90m2026-04-29T14:05:... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /workspace/source/test/e2e/renovate.go:403 @ 04/29/26 14:06:13.45 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] should lead to a nudge PR creation for child component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:412 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:412 @ 04/29/26 14:06:20.503 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] merging the PR should be successful for child component [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:429 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:429 @ 04/29/26 14:06:20.503 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] Verify the nudge updated the contents [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:440 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/test/e2e/renovate.go:440 @ 04/29/26 14:06:20.504 ------------------------------ • [2986.759 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace the PipelineRun should eventually finish successfully for component python-component-libbop [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:159 Timeline >> PipelineRun python-component-libbop-on-pull-request-9z6sd found for Component build-e2e-fhve/python-component-libbop PipelineRun python-component-libbop-on-pull-request-9z6sd reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-9z6sd reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-9z6sd reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-9z6sd reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-9z6sd reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-9z6sd reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun has not been created yet for the Component build-e2e-fhve/python-component-libbop PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Running PipelineRun python-component-libbop-on-pull-request-9z6sd reason: Failed attempt 1/3: PipelineRun "python-component-libbop-on-pull-request-9z6sd" failed: pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | init container: prepare 2026/04/29 13:29:40 Entrypoint initialization pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | init container: place-scripts 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-1-nnr8p 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-2-744nd 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-3-4tt2q 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-4-dgw4n 2026/04/29 13:29:47 Decoded script /tekton/scripts/script-5-wj6tm pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop Executing: oras blob fetch --registry-config /tmp/use-oci.sh.k0H9EU/auth-81p8wM.json quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop@sha256:1a81f3fa0df79af8f8b07cb945f4292855151c859b37c63aedd406d509a7e63d --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop@sha256:1a81f3fa0df79af8f8b07cb945f4292855151c859b37c63aedd406d509a7e63d to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | container step-build: [2026-04-29T13:31:21,337391514+00:00] Validate context path [2026-04-29T13:31:21,341164810+00:00] Update CA trust [2026-04-29T13:31:21,342284445+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-04-29T13:31:35,455420998+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-04-29T13:31:35,586184531+00:00] Prepare system (architecture: x86_64) [2026-04-29T13:31:35,742636283+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-04-29T13:32:20,809306668+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-04-29T13:31:35Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org ", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "b10bd081606dc2bbe0d3934ea47345230fe74bc4", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "b10bd081606dc2bbe0d3934ea47345230fe74bc4", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-04-29T13:31:35Z" } [2026-04-29T13:32:20,857252119+00:00] Register sub-man Adding the entitlement to the build [2026-04-29T13:32:20,860725612+00:00] Add secrets [2026-04-29T13:32:20,876811823+00:00] Run buildah build [2026-04-29T13:32:20,877949941+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=b10bd081606dc2bbe0d3934ea47345230fe74bc4 --label org.opencontainers.image.revision=b10bd081606dc2bbe0d3934ea47345230fe74bc4 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-04-29T13:31:35Z --label org.opencontainers.image.created=2026-04-29T13:31:35Z --annotation org.opencontainers.image.revision=b10bd081606dc2bbe0d3934ea47345230fe74bc4 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-04-29T13:31:35Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.SuR6ZL -t quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="b10bd081606dc2bbe0d3934ea47345230fe74bc4" "org.opencontainers.image.revision"="b10bd081606dc2bbe0d3934ea47345230fe74bc4" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-04-29T13:31:35Z" "org.opencontainers.image.created"="2026-04-29T13:31:35Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 --> ac3e4bccf3a8 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 ac3e4bccf3a81c2fa429eddbfa2d5ead42e8f42baaa62faf7ad9eecd544b73ab [2026-04-29T13:32:26,816584550+00:00] Unsetting proxy [2026-04-29T13:32:26,817968245+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:84907a4128eb0d3752338fa33dc5b6f0bea05d3457a8030f18198d999cb5163a Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | container step-push: [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 docker://quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:python-component-libbop-on-pull-request-9z6sd-build-container Getting image source signatures Copying blob sha256:84907a4128eb0d3752338fa33dc5b6f0bea05d3457a8030f18198d999cb5163a Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde [2026-04-29T13:32:58,055857648+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-04-29T13:33:03,158804614+00:00] Convert image [2026-04-29T13:33:03,159951223+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:python-component-libbop-on-pull-request-9z6sd-build-container Copying config sha256:ac3e4bccf3a81c2fa429eddbfa2d5ead42e8f42baaa62faf7ad9eecd544b73ab Writing manifest to image destination [2026-04-29T13:33:40,516141068+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 docker://quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 Getting image source signatures Copying blob sha256:84907a4128eb0d3752338fa33dc5b6f0bea05d3457a8030f18198d999cb5163a Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying config sha256:ac3e4bccf3a81c2fa429eddbfa2d5ead42e8f42baaa62faf7ad9eecd544b73ab Writing manifest to image destination sha256:8890f09df04226747d35f2b45d5cbb48d731edd8e6ed0c50d9865a573a9acb02quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-04-29T13:33:43,602462262+00:00] End push pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | container step-sbom-syft-generate: [2026-04-29T13:33:44,172465646+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-04-29T13:34:01,409417716+00:00] End sbom-syft-generate pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | container step-prepare-sboms: [2026-04-29T13:34:02,378334530+00:00] Prepare SBOM [2026-04-29T13:34:02,441800016+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-04-29 13:34:14,645 [INFO] mobster.log: Logging level set to 20 2026-04-29 13:34:18,748 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/python-39@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee 2026-04-29 13:34:20,973 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:21,687 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:23,005 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:23,763 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:25,348 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:26,022 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:27,469 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:28,145 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-29 13:34:28,145 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-04-29 13:34:28,145 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-04-29 13:34:28,148 [INFO] mobster.log: Contextual workflow completed in 10.40s 2026-04-29 13:34:29,247 [INFO] mobster.main: Exiting with code 0. [2026-04-29T13:34:30,343516930+00:00] End prepare-sboms pod: python-component-libbop-on-2aec8aca2553753ec2c4478e0acb61b5-pod | container step-upload-sbom: [2026-04-29T13:34:30,509183174+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4@sha256:8890f09df04226747d35f2b45d5cbb48d731edd8e6ed0c50d9865a573a9acb02 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop@sha256:8890f09df04226747d35f2b45d5cbb48d731edd8e6ed0c50d9865a573a9acb02] to [quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:sha256-8890f09df04226747d35f2b45d5cbb48d731edd8e6ed0c50d9865a573a9acb02.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop@sha256:4276220d55ec43b104f2b85275c75a766b40d0499a9eaecd274b47afd6fc751d [2026-04-29T13:36:07,012671916+00:00] End upload-sbom pod: python-component-libbop-on-911f368576666baa5a4650d5600df543-pod | init container: prepare 2026/04/29 13:25:28 Entrypoint initialization pod: python-component-libbop-on-911f368576666baa5a4650d5600df543-pod | init container: place-scripts 2026/04/29 13:25:32 Decoded script /tekton/scripts/script-0-9ctj8 2026/04/29 13:25:32 Decoded script /tekton/scripts/script-1-5rqnd pod: python-component-libbop-on-911f368576666baa5a4650d5600df543-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777469160.8920145,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777469161.925745,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ b10bd081606dc2bbe0d3934ea47345230fe74bc4 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777469161.9258094,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777469161.9531457,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision b10bd081606dc2bbe0d3934ea47345230fe74bc4 directly. pod: python-component-libbop-on-911f368576666baa5a4650d5600df543-pod | container step-symlink-check: Running symlink check pod: python-component-libbop-on-911f368576666baa5a4650d5600df543-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:1a81f3fa0df79af8f8b07cb945f4292855151c859b37c63aedd406d509a7e63d) Using token for quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.PiEIks/auth-gxMOYp.json quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4.git SOURCE_ARTIFACT Uploading 1a81f3fa0df7 SOURCE_ARTIFACT Uploaded 1a81f3fa0df7 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-fhve/python-component-libbop:on-pr-b10bd081606dc2bbe0d3934ea47345230fe74bc4.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:7230c094208ef5fe38576edb60456bce6d4bd9d373fb09102a1a53fa4640004c Artifacts created pod: python-component-libbop-on-pull-request-9z6sd-init-pod | init container: prepare 2026/04/29 13:25:06 Entrypoint initialization pod: python-component-libbop-on-pull-request-9z6sd-init-pod | container step-init: time="2026-04-29T13:25:13Z" level=info msg="[param] enable: false" time="2026-04-29T13:25:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-29T13:25:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-29T13:25:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-29T13:25:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-29T13:25:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-29T13:25:13Z" level=info msg="Cache proxy is disabled via param" time="2026-04-29T13:25:13Z" level=info msg="[result] HTTP PROXY: " time="2026-04-29T13:25:13Z" level=info msg="[result] NO PROXY: " New PipelineRun python-component-libbop-on-pull-request-w7dmz found after retrigger for component build-e2e-fhve/python-component-libbop PipelineRun python-component-libbop-on-pull-request-w7dmz found for Component build-e2e-fhve/python-component-libbop PipelineRun python-component-libbop-on-pull-request-w7dmz reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: Running PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping PipelineRun python-component-libbop-on-pull-request-w7dmz reason: PipelineRunStopping attempt 2/3: PipelineRun "python-component-libbop-on-pull-request-w7dmz" failed: context deadline exceededNew PipelineRun python-component-libbop-on-pull-request-r7pcb found after retrigger for component build-e2e-fhve/python-component-libbop PipelineRun python-component-libbop-on-pull-request-r7pcb found for Component build-e2e-fhve/python-component-libbop PipelineRun python-component-libbop-on-pull-request-r7pcb reason: ResolvingTaskRef PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Running PipelineRun python-component-libbop-on-pull-request-r7pcb reason: Completed << Timeline ------------------------------ • [2.729 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace merging the PR should be successful [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:164 Timeline >> merged result sha: 0f5a4da7e214021545b735ac6b84ddc0675dd082 for PR #32722 << Timeline ------------------------------ • [20.216 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace leads to triggering on push PipelineRun [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:174 Timeline >> Push PipelineRun has not been created yet for the component build-e2e-fhve/python-component-libbop << Timeline ------------------------------ • [3.705 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace only one component is changed [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:190 Timeline >> PR #32724 got created with sha 9619ec8a3ba41eaace639b1ea7837a1913a70835 << Timeline ------------------------------ • [20.214 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace only related pipelinerun should be triggered [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:205 Timeline >> on pull PiplelineRun has not been created yet for the PR << Timeline ------------------------------ • [25.518 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when a components is created with same git url in different namespace should fail to configure PaC for the component [build-service, github, pac-build, multi-component] /workspace/source/test/e2e/multi_component.go:264 Timeline >> Image repository for component go-component-eesctl in namespace build-e2e-rvhd do not have right state ('' != 'ready') yet but it has status { { } { } []}. build status annotation value: {"pac":{"state":"error","error-id":53,"error-message":"53: Git repository is already handled by Pipelines as Code"},"message":"done"} build status: &{State:error MergeUrl: ConfigurationTime: ErrorInfo:{ErrId:53 ErrMessage:53: Git repository is already handled by Pipelines as Code}} << Timeline ------------------------------ • [3823.826 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated PipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:492 Timeline >> PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl found for Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun has not been created yet for the Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-2fxhl reason: Running attempt 1/3: PipelineRun "gl-test-custom-branch-htpzja-on-pull-request-2fxhl" failed: context deadline exceededNew PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 found after retrigger for component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 found for Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping PipelineRun gl-test-custom-branch-htpzja-on-pull-request-z9xf8 reason: PipelineRunStopping attempt 2/3: PipelineRun "gl-test-custom-branch-htpzja-on-pull-request-z9xf8" failed: context deadline exceededNew PipelineRun gl-test-custom-branch-htpzja-on-pull-request-62rp9 found after retrigger for component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun has not been created yet for the Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 found for Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Running PipelineRun gl-test-custom-branch-htpzja-on-pull-request-q5xx9 reason: Completed << Timeline ------------------------------ • [0.386 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated eventually leads to another update of a PR about the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:497 ------------------------------ • [22.656 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:523 Timeline >> merged result sha: ec3314966a757245f6c3ddc3aab444a91e97aa8d PipelineRun has not been created yet for the component build-e2e-viij/gl-test-custom-branch-htpzja << Timeline ------------------------------ • [140.213 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:539 Timeline >> PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj found for Component build-e2e-viij/gl-test-custom-branch-htpzja PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Running PipelineRun gl-test-custom-branch-htpzja-on-push-g78rj reason: Completed << Timeline ------------------------------ • [0.337 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged does not have expiration set [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:545 ------------------------------ • [131.271 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged After updating image visibility to private, it should not trigger another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:560 Timeline >> found pipelinerun: gl-test-custom-branch-htpzja-on-pull-request-62rp9 found pipelinerun: gl-test-custom-branch-htpzja-on-pull-request-62rp9 waiting for one minute and expecting to not trigger a PipelineRun << Timeline ------------------------------ • [0.326 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged image repo is updated to private [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:590 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:595 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:631 ------------------------------ • [26.744 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the component is removed and recreated (with the same name in the same namespace) should no longer lead to a creation of a PaC PR [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/test/e2e/pac_build.go:701 Timeline >> Image repository for component gl-test-custom-branch-htpzja in namespace build-e2e-viij do not have right state ('' != 'ready') yet but it has status { { } { } []}. Found purge PR with id: 3 << Timeline ------------------------------ [ReportAfterSuite] PASSED [1099.132 seconds] [ReportAfterSuite] Autogenerated ReportAfterSuite for --junit-report autogenerated by Ginkgo ------------------------------ Summarizing 4 Failures: [FAIL] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] create dockerfile and yaml manifest that references build and distribution repositories [build-service, renovate, multi-component, forgejo] /workspace/source/test/e2e/renovate.go:337 [FAIL] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, gitlab] /workspace/source/test/e2e/renovate.go:403 [FAIL] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new Component with specified custom branch is created [It] the PipelineRun should eventually finish successfully [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/test/e2e/pac_build.go:362 [FAIL] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, github] /workspace/source/test/e2e/renovate.go:403 Ran 119 of 154 Specs in 4987.713 seconds FAIL! -- 115 Passed | 4 Failed | 7 Pending | 28 Skipped Ginkgo ran 1 suite in 1h27m23.504630819s Test Suite Failed