go: downloading github.com/konflux-ci/build-service v0.0.0-20240611083846-2dee6cfe6fe4 go: downloading github.com/google/go-containerregistry v0.20.7 go: downloading github.com/konflux-ci/e2e-tests v0.0.0-20260506085906-2e394d3dcf2e go: downloading github.com/devfile/library/v2 v2.2.1-0.20230418160146-e75481b7eebd go: downloading github.com/konflux-ci/application-api v0.0.0-20260312190025-5154ad273e17 go: downloading k8s.io/apimachinery v0.34.2 go: downloading github.com/konflux-ci/release-service v0.0.0-20260127184035-c36c56a3c440 go: downloading github.com/google/go-github/v66 v66.0.0 go: downloading github.com/onsi/gomega v1.39.1 go: downloading k8s.io/api v0.34.2 go: downloading github.com/tektoncd/pipeline v1.7.0 go: downloading github.com/go-logr/logr v1.4.3 go: downloading golang.org/x/sys v0.42.0 go: downloading golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 go: downloading github.com/openshift-pipelines/pipelines-as-code v0.34.0 go: downloading gopkg.in/yaml.v2 v2.4.0 go: downloading github.com/openshift/api v0.0.0-20260320151444-324a1bcb9f55 go: downloading k8s.io/client-go v0.34.2 go: downloading k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 go: downloading knative.dev/pkg v0.0.0-20250424013628-d5e74d29daa3 go: downloading sigs.k8s.io/controller-runtime v0.20.2 go: downloading sigs.k8s.io/yaml v1.6.0 go: downloading github.com/bradleyfalzon/ghinstallation/v2 v2.17.0 go: downloading github.com/prometheus/client_golang v1.23.2 go: downloading github.com/google/go-github/v45 v45.2.0 go: downloading golang.org/x/oauth2 v0.34.0 go: downloading k8s.io/apiextensions-apiserver v0.34.2 go: downloading github.com/fatih/color v1.18.0 go: downloading github.com/go-git/go-git/v5 v5.16.5 go: downloading github.com/gobwas/glob v0.2.3 go: downloading github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 go: downloading github.com/pkg/errors v0.9.1 go: downloading k8s.io/klog v1.0.0 go: downloading github.com/hashicorp/go-multierror v1.1.1 go: downloading github.com/konflux-ci/operator-toolkit v0.0.0-20260312101100-d4e398191a68 go: downloading github.com/operator-framework/operator-lib v0.19.0 go: downloading github.com/google/go-cmp v0.7.0 go: downloading github.com/google/go-querystring v1.2.0 go: downloading github.com/konflux-ci/image-controller v0.0.0-20240530145826-3296e4996f6f go: downloading github.com/avast/retry-go/v4 v4.3.3 go: downloading k8s.io/klog/v2 v2.130.1 go: downloading github.com/xanzy/go-gitlab v0.114.0 go: downloading github.com/docker/cli v29.0.3+incompatible go: downloading github.com/magefile/mage v1.14.0 go: downloading github.com/mitchellh/go-homedir v1.1.0 go: downloading github.com/moby/buildkit v0.12.5 go: downloading github.com/openshift/library-go v0.0.0-20220525173854-9b950a41acdc go: downloading github.com/golang-jwt/jwt/v4 v4.5.2 go: downloading github.com/google/go-github/v75 v75.0.0 go: downloading github.com/fsnotify/fsnotify v1.9.0 go: downloading github.com/spf13/afero v1.15.0 go: downloading go.yaml.in/yaml/v2 v2.4.4 go: downloading github.com/mattn/go-colorable v0.1.14 go: downloading github.com/mattn/go-isatty v0.0.20 go: downloading github.com/gogo/protobuf v1.3.2 go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.2 go: downloading gopkg.in/inf.v0 v0.9.1 go: downloading sigs.k8s.io/randfill v1.0.0 go: downloading github.com/evanphx/json-patch/v5 v5.9.11 go: downloading codeberg.org/mvdkleijn/forgejo-sdk/forgejo/v2 v2.2.0 go: downloading github.com/gofri/go-github-ratelimit v1.0.3-0.20230428184158-a500e14de53f go: downloading go.yaml.in/yaml/v3 v3.0.4 go: downloading golang.org/x/net v0.52.0 go: downloading github.com/codeready-toolchain/api v0.0.0-20231217224957-34f7cb3fcbf7 go: downloading github.com/conforma/crds/api v0.1.7 go: downloading github.com/konflux-ci/integration-service v0.0.0-20260330012634-6190adb9bbce go: downloading github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 go: downloading github.com/redhat-appstudio/jvm-build-service v0.0.0-20240126122210-0e2ee7e2e5b0 go: downloading github.com/vmware-tanzu/velero v1.17.2 go: downloading github.com/codeready-toolchain/toolchain-common v0.0.0-20220523142428-2558e76260fb go: downloading github.com/codeready-toolchain/toolchain-e2e v0.0.0-20220525131508-60876bfb99d3 go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible go: downloading github.com/opencontainers/go-digest v1.0.0 go: downloading github.com/bmatcuk/doublestar/v4 v4.7.1 go: downloading github.com/hashicorp/errwrap v1.1.0 go: downloading github.com/opencontainers/image-spec v1.1.1 go: downloading oras.land/oras-go/v2 v2.5.0 go: downloading github.com/tektoncd/cli v0.43.0 go: downloading github.com/beorn7/perks v1.0.1 go: downloading github.com/cespare/xxhash/v2 v2.3.0 go: downloading github.com/prometheus/client_model v0.6.2 go: downloading github.com/prometheus/common v0.67.5 go: downloading google.golang.org/protobuf v1.36.11 go: downloading github.com/prometheus/procfs v0.19.2 go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 go: downloading golang.org/x/crypto v0.49.0 go: downloading golang.org/x/text v0.35.0 go: downloading gomodules.xyz/jsonpatch/v2 v2.5.0 go: downloading k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31 go: downloading github.com/json-iterator/go v1.1.12 go: downloading github.com/hashicorp/go-cleanhttp v0.5.2 go: downloading github.com/hashicorp/go-retryablehttp v0.7.8 go: downloading golang.org/x/time v0.15.0 go: downloading dario.cat/mergo v1.0.2 go: downloading github.com/ProtonMail/go-crypto v1.3.0 go: downloading github.com/go-git/go-billy/v5 v5.7.0 go: downloading github.com/sergi/go-diff v1.4.0 go: downloading github.com/42wim/httpsig v1.2.3 go: downloading github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e go: downloading github.com/hashicorp/go-version v1.7.0 go: downloading github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 go: downloading github.com/sirupsen/logrus v1.9.3 go: downloading github.com/containerd/stargz-snapshotter/estargz v0.18.1 go: downloading github.com/docker/distribution v2.8.3+incompatible go: downloading github.com/google/cel-go v0.26.1 go: downloading github.com/google/btree v1.1.3 go: downloading github.com/fxamacker/cbor/v2 v2.9.0 go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go: downloading github.com/pjbgf/sha1cd v0.5.0 go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee go: downloading github.com/cyphar/filepath-securejoin v0.6.1 go: downloading github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 go: downloading github.com/emirpasic/gods v1.18.1 go: downloading github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 go: downloading github.com/containerd/typeurl/v2 v2.2.2 go: downloading github.com/docker/docker-credential-helpers v0.9.3 go: downloading github.com/klauspost/compress v1.18.2 go: downloading github.com/spf13/pflag v1.0.10 go: downloading golang.org/x/term v0.41.0 go: downloading github.com/google/uuid v1.6.0 go: downloading github.com/google/gnostic-models v0.7.1 go: downloading github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc go: downloading github.com/kevinburke/ssh_config v1.4.0 go: downloading github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 go: downloading github.com/skeema/knownhosts v1.3.2 go: downloading github.com/xanzy/ssh-agent v0.3.3 go: downloading github.com/vbatts/tar-split v0.12.2 go: downloading github.com/cloudflare/circl v1.6.3 go: downloading github.com/docker/docker v28.5.2+incompatible go: downloading contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20230502190836-7399e0f8ee5e go: downloading contrib.go.opencensus.io/exporter/prometheus v0.4.2 go: downloading go.opencensus.io v0.24.0 go: downloading go.uber.org/zap v1.27.1 go: downloading google.golang.org/grpc v1.79.3 go: downloading gopkg.in/warnings.v0 v0.1.2 go: downloading github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 go: downloading github.com/x448/float16 v0.8.4 go: downloading gopkg.in/evanphx/json-patch.v4 v4.13.0 go: downloading github.com/go-openapi/jsonreference v0.21.5 go: downloading github.com/go-openapi/swag v0.25.5 go: downloading github.com/emicklei/go-restful/v3 v3.13.0 go: downloading github.com/blendle/zapdriver v1.3.1 go: downloading github.com/prometheus/statsd_exporter v0.28.0 go: downloading github.com/census-instrumentation/opencensus-proto v0.4.1 go: downloading github.com/golang/protobuf v1.5.4 go: downloading google.golang.org/api v0.262.0 go: downloading github.com/go-openapi/jsonpointer v0.22.5 go: downloading github.com/go-openapi/swag/cmdutils v0.25.5 go: downloading github.com/go-openapi/swag/fileutils v0.25.5 go: downloading github.com/go-openapi/swag/conv v0.25.5 go: downloading github.com/go-openapi/swag/jsonname v0.25.5 go: downloading github.com/go-openapi/swag/jsonutils v0.25.5 go: downloading github.com/go-openapi/swag/loading v0.25.5 go: downloading github.com/go-openapi/swag/mangling v0.25.5 go: downloading github.com/go-openapi/swag/netutils v0.25.5 go: downloading github.com/go-openapi/swag/stringutils v0.25.5 go: downloading github.com/go-openapi/swag/typeutils v0.25.5 go: downloading github.com/go-openapi/swag/yamlutils v0.25.5 go: downloading cel.dev/expr v0.25.1 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d go: downloading go.uber.org/multierr v1.11.0 go: downloading github.com/klauspost/cpuid/v2 v2.3.0 go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.6 go: downloading github.com/stoewer/go-strcase v1.3.1 go: downloading github.com/antlr4-go/antlr/v4 v4.13.1 go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 Running Suite: Build Service E2E - /workspace/source/e2e-tests/tests ==================================================================== Random Seed: 1778173800 Will run 43 of 157 specs Running in parallel across 5 processes SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created when second component is deleted, pac pr branch should not exist in the repo [build-service, github, pac-build, secret-lookup] /workspace/source/e2e-tests/tests/secret_lookup.go:206 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:595 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:595 ------------------------------ SS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:631 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:631 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ • [35.656 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private correctly targets the default branch (that is not named 'main') with PaC [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:137 Timeline >> Image repository for component gl-test-custom-default-cezujd in namespace build-e2e-meic do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [0.147 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private workspace parameter is set correctly in PaC repository CR [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:154 ------------------------------ • [20.275 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:176 Timeline >> PipelineRun has not been created yet for the component build-e2e-meic/gl-test-custom-branch-gicfja << Timeline ------------------------------ • [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private build pipeline uses the correct serviceAccount [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:191 ------------------------------ • [0.068 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private component build status is set correctly [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:195 Timeline >> build status annotation value: {"pac":{"state":"enabled","merge-url":"https://gitlab.com/konflux-qe/devfile-sample-hello-world-tciaie/-/merge_requests/1","configuration-time":"Thu, 07 May 2026 17:14:21 UTC"},"message":"done"} state: enabled mergeUrl: https://gitlab.com/konflux-qe/devfile-sample-hello-world-tciaie/-/merge_requests/1 errId: 0 errMessage: configurationTime: Thu, 07 May 2026 17:14:21 UTC << Timeline ------------------------------ • [7.591 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:225 ------------------------------ • [0.280 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private created image repo is private [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:243 ------------------------------ • [16.454 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private a related PipelineRun should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:249 ------------------------------ • [0.211 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private PR branch should not exist in the repo [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:264 ------------------------------ • [0.869 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new component without specified branch is created and with visibility private related image repo and the robot account should be deleted after deleting the component [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, pac-custom-default-branch] /workspace/source/e2e-tests/tests/pac_build.go:277 ------------------------------ • [98.754 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace creates component with nudges [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:235 Timeline >> ReleaseAdmissionPlan data: {"Mapping":{"Components":[{"Name":"gl-multi-component-parent-gykg","Repository":"quay.io/redhat-appstudio-qe/release-repository"}]}}Image repository for component gl-multi-component-parent-gykg in namespace build-e2e-uftp do not have right state ('' != 'ready') yet but it has status { { } { } []}. << Timeline ------------------------------ • [44.739 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace triggers a PipelineRun for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:259 Timeline >> PipelineRun has not been created yet for the component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun has not been created yet for the component build-e2e-uftp/gl-multi-component-parent-gykg << Timeline ------------------------------ • [62.006 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created triggers a PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:327 Timeline >> Image repository for component gl-test-custom-branch-gicfja in namespace build-e2e-meic do not have right state ('' != 'ready') yet but it has status { { } { } []}. PipelineRun has not been created yet for the component build-e2e-meic/gl-test-custom-branch-gicfja PipelineRun has not been created yet for the component build-e2e-meic/gl-test-custom-branch-gicfja << Timeline ------------------------------ • [0.224 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created should lead to a PaC init PR creation [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:342 ------------------------------ • [300.210 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:274 Timeline >> PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd found for Component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Running PipelineRun gl-multi-component-parent-gykg-on-pull-request-2rvdd reason: Completed << Timeline ------------------------------ • [300.205 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created the PipelineRun should eventually finish successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:360 Timeline >> PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr found for Component build-e2e-meic/gl-test-custom-branch-gicfja PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: ResolvingTaskRef PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-bx6hr reason: Completed << Timeline ------------------------------ • [1.023 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created image repo and robot account created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:365 ------------------------------ • [0.299 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created created image repo is public [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:384 ------------------------------ • [0.562 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created image tag is updated successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:390 Timeline >> Image tag quay.io/redhat-appstudio-qe/build-e2e-meic/gl-test-custom-branch-gicfja:on-pr-51f55294cecf2ed9b5b246c19960d2d3c518ecb3 successfully found in Quay << Timeline ------------------------------ • [0.380 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created should ensure pruning labels are set [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:416 ------------------------------ • [0.698 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when a new Component with specified custom branch is created eventually leads to the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:433 ------------------------------ • [21.466 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:458 Timeline >> created file sha: 3728ee2d21e8defdb32360d4f1f57c955dad62ef PipelineRun has not been created yet for the component build-e2e-meic/gl-test-custom-branch-gicfja << Timeline ------------------------------ • [0.650 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated should lead to a PaC init PR update [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:473 ------------------------------ • [160.204 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated PipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:492 Timeline >> PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk found for Component build-e2e-meic/gl-test-custom-branch-gicfja PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Running PipelineRun gl-test-custom-branch-gicfja-on-pull-request-wnwmk reason: Completed << Timeline ------------------------------ • [0.356 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is updated eventually leads to another update of a PR about the PipelineRun status report at Checks tab [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:497 ------------------------------ • [191.926 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace the PipelineRun should eventually finish successfully for child component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:285 Timeline >> PipelineRun gl-multi-component-child-gykg-on-pull-request-gsg55 found for Component build-e2e-uftp/gl-multi-component-child-gykg PipelineRun gl-multi-component-child-gykg-on-pull-request-gsg55 reason: Cancelled attempt 1/3: PipelineRun "gl-multi-component-child-gykg-on-pull-request-gsg55" failed: Cancelled: PipelineRun "gl-multi-component-child-gykg-on-pull-request-gsg55" was cancelledNew PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 found after retrigger for component build-e2e-uftp/gl-multi-component-child-gykg PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 found for Component build-e2e-uftp/gl-multi-component-child-gykg PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: ResolvingTaskRef PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Running PipelineRun gl-multi-component-child-gykg-on-pull-request-qbkr7 reason: Completed << Timeline ------------------------------ • [0.308 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace should lead to a PaC PR creation for child component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:289 ------------------------------ • [2.329 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace Merging the PaC PR should be successful for child component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:307 Timeline >> merged result sha: 4dc22a3aa9f636d5dd1ac26f9debba3c46b0067a for PR #1 << Timeline ------------------------------ • [22.904 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged eventually leads to triggering another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:523 Timeline >> merged result sha: 4000ae4d6ecf583f91476152fa6ffd22094b75df PipelineRun has not been created yet for the component build-e2e-meic/gl-test-custom-branch-gicfja << Timeline ------------------------------ • [66.149 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace create dockerfile and yaml manifest that references build and distribution repositories [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:318 ------------------------------ • [0.204 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace should lead to a PaC PR creation for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:358 ------------------------------ • [1.269 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace Merging the PaC PR should be successful for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:375 Timeline >> merged result sha: 4aa53ce53e73e603445898a92dec892838c175ee for PR #1 << Timeline ------------------------------ • [20.215 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace PR merge triggers PAC PipelineRun for parent component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:385 Timeline >> Push PipelineRun has not been created yet for the component build-e2e-uftp/gl-multi-component-parent-gykg << Timeline ------------------------------ • [200.202 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:539 Timeline >> PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh found for Component build-e2e-meic/gl-test-custom-branch-gicfja PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Running PipelineRun gl-test-custom-branch-gicfja-on-push-jmxbh reason: Completed << Timeline ------------------------------ • [5.119 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged does not have expiration set [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:545 ------------------------------ • [121.194 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged After updating image visibility to private, it should not trigger another PipelineRun [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:560 Timeline >> waiting for one minute and expecting to not trigger a PipelineRun << Timeline ------------------------------ • [27.721 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged image repo is updated to private [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:590 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:595 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:631 ------------------------------ • [41.678 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the component is removed related image repo and robot accounts deleted [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:650 ------------------------------ • [1.828 seconds] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the component is removed purge PR is created successfully [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /workspace/source/e2e-tests/tests/pac_build.go:666 Timeline >> Found purge PR with id: 3 << Timeline ------------------------------ • [FAILED] [853.941 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:401 Timeline >> PipelineRun gl-multi-component-parent-gykg-on-push-jmttl found for Component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Running PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: PipelineRunStopping PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: PipelineRunStopping PipelineRun gl-multi-component-parent-gykg-on-push-jmttl reason: Failed attempt 1/3: PipelineRun "gl-multi-component-parent-gykg-on-push-jmttl" failed: pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | init container: prepare 2026/05/07 17:16:25 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | container step-init: time="2026-05-07T17:16:30Z" level=info msg="[param] enable: false" time="2026-05-07T17:16:30Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T17:16:30Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T17:16:30Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T17:16:30Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T17:16:30Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T17:16:30Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T17:16:30Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T17:16:30Z" level=info msg="[result] NO PROXY: " pod: gl-multi-component-parent-gykg-on-push-jmttl-apply-tags-pod | init container: prepare 2026/05/07 17:33:39 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-push-jmttl-apply-tags-pod | container step-apply-additional-tags: time="2026-05-07T17:33:59Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg:4aa53ce53e73e603445898a92dec892838c175ee" time="2026-05-07T17:33:59Z" level=info msg="[param] digest: sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4" time="2026-05-07T17:33:59Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-07T17:34:26Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: gl-multi-component-parent-gykg-on-push-jmttl-clair-scan-pod | init container: prepare 2026/05/07 17:33:15 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-push-jmttl-clair-scan-pod | init container: place-scripts 2026/05/07 17:33:16 Decoded script /tekton/scripts/script-0-kjv8q 2026/05/07 17:33:16 Decoded script /tekton/scripts/script-1-lqtdg 2026/05/07 17:33:16 Decoded script /tekton/scripts/script-2-zxfh7 2026/05/07 17:33:16 Decoded script /tekton/scripts/script-3-b9j85 pod: gl-multi-component-parent-gykg-on-push-jmttl-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4. time="2026-05-07T17:34:07Z" level=fatal msg="Error parsing image name \"docker://quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4\": reading manifest sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 in quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg: received unexpected HTTP status: 502 Bad Gateway" info: Retrying again in 5 seconds... time="2026-05-07T17:34:29Z" level=fatal msg="Error parsing image name \"docker://quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4\": reading manifest sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 in quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg: received unexpected HTTP status: 502 Bad Gateway" info: Retrying again in 5 seconds... pod: gl-multi-component-parent-gykg-on-push-jmttl-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-05-07T17:34:38Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"}] 2026-05-07T17:34:38Z INF libvuln initialized component=libvuln/New 2026/05/07 17:34:42 error creating manifest: GET https://quay.io/v2/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg/manifests/sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4: unexpected status code 502 Bad Gateway: 502 Bad Gateway

502 Bad Gateway

info: Retrying again in 5 seconds... 2026-05-07T17:34:47Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"}] 2026-05-07T17:34:47Z INF libvuln initialized component=libvuln/New 2026-05-07T17:34:55Z INF registered configured scanners component=libindex/New 2026-05-07T17:34:55Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-05-07T17:34:55Z INF index request start component=libindex/Libindex.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 2026-05-07T17:34:55Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 2026-05-07T17:34:55Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=CheckManifest 2026-05-07T17:34:55Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=FetchLayers 2026-05-07T17:34:57Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=FetchLayers 2026-05-07T17:34:57Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=FetchLayers 2026-05-07T17:34:57Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=ScanLayers 2026-05-07T17:34:57Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=ScanLayers 2026-05-07T17:34:57Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=IndexManifest 2026-05-07T17:34:57Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=IndexFinished 2026-05-07T17:34:57Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 state=IndexFinished 2026-05-07T17:34:58Z INF index request done component=libindex/Libindex.Index manifest=sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 { "manifest_hash": "sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4", "packages": { "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+X1MdmtPTbyDb/wq7joJhA==": { "id": "+X1MdmtPTbyDb/wq7joJhA==", "name": "libtool-ltdl", "version": "2.4.6-46.el9", "kind": "binary", "source": { "id": "", "name": "libtool", "version": "2.4.6-46.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+bwl6UbMaWOBWdHNekJsEw==": { "id": "+bwl6UbMaWOBWdHNekJsEw==", "name": "coreutils-single", "version": "8.32-39.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/O7rOBo1qRMFm3q3Kf3mEw==": { "id": "/O7rOBo1qRMFm3q3Kf3mEw==", "name": "libselinux", "version": "3.6-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.6-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/h/TBQhfoSMCmey5oN87jA==": { "id": "/h/TBQhfoSMCmey5oN87jA==", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.24-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ub7EE8Da46T0x7lRdlVJg==": { "id": "/ub7EE8Da46T0x7lRdlVJg==", "name": "libsmartcols", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0T19Aon0dgLleTpQjLWzKw==": { "id": "0T19Aon0dgLleTpQjLWzKw==", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20250128-1.git5269e22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1atoBfoH0mJ0bCpetQ7/0g==": { "id": "1atoBfoH0mJ0bCpetQ7/0g==", "name": "file-libs", "version": "5.39-16.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2gCbp4kt+cF44NF/LqukDg==": { "id": "2gCbp4kt+cF44NF/LqukDg==", "name": "pcre2-syntax", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "5+tHFkkNi+1rUDSrmgYdkw==": { "id": "5+tHFkkNi+1rUDSrmgYdkw==", "name": "p11-kit-trust", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5fhQlRzIg/IB8EVM2pFIZA==": { "id": "5fhQlRzIg/IB8EVM2pFIZA==", "name": "audit-libs", "version": "3.1.5-4.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.5-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6WyRl8U3PR6ipKlxqlBzFA==": { "id": "6WyRl8U3PR6ipKlxqlBzFA==", "name": "ncurses-base", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "7cpIREEQnkaI7dbmWgmrvg==": { "id": "7cpIREEQnkaI7dbmWgmrvg==", "name": "gdbm-libs", "version": "1:1.23-1.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.23-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7mDaaxs3ev+uNEDYC97U3Q==": { "id": "7mDaaxs3ev+uNEDYC97U3Q==", "name": "zlib", "version": "1.2.11-40.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-40.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7ra56f21gLrcSpBD8a9+NQ==": { "id": "7ra56f21gLrcSpBD8a9+NQ==", "name": "libmount", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7vssDPaHKfFKMLimKBo7Gw==": { "id": "7vssDPaHKfFKMLimKBo7Gw==", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.30.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8uME+PFu6p/OAD7q+ZTVLw==": { "id": "8uME+PFu6p/OAD7q+ZTVLw==", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.25.3-3.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9olIUlLHZMdoUMju+8diyQ==": { "id": "9olIUlLHZMdoUMju+8diyQ==", "name": "filesystem", "version": "3.16-5.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BRLVvSCW1qZQlEQR2x48fQ==": { "id": "BRLVvSCW1qZQlEQR2x48fQ==", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CpfomSYboaXPZ9yn9NgGgw==": { "id": "CpfomSYboaXPZ9yn9NgGgw==", "name": "krb5-libs", "version": "1.21.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.21.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FZ9gWulzkx76xjTSH/yM/g==": { "id": "FZ9gWulzkx76xjTSH/yM/g==", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FrUQI+koTfbikRk1jsFd0w==": { "id": "FrUQI+koTfbikRk1jsFd0w==", "name": "libstdc++", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HQdWvmyUSqtI3UTY0T4JiQ==": { "id": "HQdWvmyUSqtI3UTY0T4JiQ==", "name": "pcre", "version": "8.44-4.el9", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IZ65O3ZOapykHwhaOX1/YA==": { "id": "IZ65O3ZOapykHwhaOX1/YA==", "name": "libnghttp2", "version": "1.43.0-6.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KXUGN6voGlWUMRN5TCFy4w==": { "id": "KXUGN6voGlWUMRN5TCFy4w==", "name": "systemd-libs", "version": "252-51.el9_6.2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-51.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M9YTWinowLqOqX/+8mbhjg==": { "id": "M9YTWinowLqOqX/+8mbhjg==", "name": "sqlite-libs", "version": "3.34.1-8.el9_6", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-8.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O1acB+rpl9OLkk9I6phF7Q==": { "id": "O1acB+rpl9OLkk9I6phF7Q==", "name": "shadow-utils", "version": "2:4.9-12.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OCIjbR16ktOEiFK36r0WNw==": { "id": "OCIjbR16ktOEiFK36r0WNw==", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OaFmq38HlbKLTTEM/qATzg==": { "id": "OaFmq38HlbKLTTEM/qATzg==", "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ohssf0Jzlafd9vtrrUKCXg==": { "id": "Ohssf0Jzlafd9vtrrUKCXg==", "name": "bash", "version": "5.1.8-9.el9", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Om9zCJ/QZ+hnrEvj6fGw==": { "id": "P5Om9zCJ/QZ+hnrEvj6fGw==", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PIk2BBAWexCFofMi5q03RA==": { "id": "PIk2BBAWexCFofMi5q03RA==", "name": "pcre2", "version": "10.40-6.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PZXvGa4khHd2n6o73hJ/Pg==": { "id": "PZXvGa4khHd2n6o73hJ/Pg==", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.9.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RXh3fimX8fGZeCt4chJEiA==": { "id": "RXh3fimX8fGZeCt4chJEiA==", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S8p9UGak1oycptcpYp/1eg==": { "id": "S8p9UGak1oycptcpYp/1eg==", "name": "openldap", "version": "2.6.8-4.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.8-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SjQtW3gQmgt+Qj8JlnY4Mg==": { "id": "SjQtW3gQmgt+Qj8JlnY4Mg==", "name": "libblkid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Su8bfW9ijc0V5CiAum2V1g==": { "id": "Su8bfW9ijc0V5CiAum2V1g==", "name": "bzip2-libs", "version": "1.0.8-10.el9_5", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-10.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VX9V+Y680L2xf2tBREdpCw==": { "id": "VX9V+Y680L2xf2tBREdpCw==", "name": "gmp", "version": "1:6.2.0-13.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WtG8AvirpmNJ8wVE+fxfGQ==": { "id": "WtG8AvirpmNJ8wVE+fxfGQ==", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-12.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XG5+bW8np2NedSy/od6z8Q==": { "id": "XG5+bW8np2NedSy/od6z8Q==", "name": "libacl", "version": "2.3.1-4.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XJlS+gwEt7T+nNr/Bflqzg==": { "id": "XJlS+gwEt7T+nNr/Bflqzg==", "name": "glibc-minimal-langpack", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XMkvB1ljVS0bNTUu2UEs3g==": { "id": "XMkvB1ljVS0bNTUu2UEs3g==", "name": "libgcc", "version": "11.5.0-5.el9_5", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.5.0-5.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZabCZVOpeuHGnRiGdzqBig==": { "id": "ZabCZVOpeuHGnRiGdzqBig==", "name": "openssl-fips-provider-so", "version": "3.0.7-6.el9_5", "kind": "binary", "source": { "id": "", "name": "openssl-fips-provider", "version": "3.0.7-6.el9_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arLt5War9yeQ8auYn/Idmw==": { "id": "arLt5War9yeQ8auYn/Idmw==", "name": "nettle", "version": "3.10.1-1.el9", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.10.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ayTA+mXRKgSCRl5LaqP4/w==": { "id": "ayTA+mXRKgSCRl5LaqP4/w==", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-16.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bemGVBhbDe9iV1Kjvd9hAA==": { "id": "bemGVBhbDe9iV1Kjvd9hAA==", "name": "libffi", "version": "3.4.2-8.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bgzKs6bbeWeXxcqE+n7Jog==": { "id": "bgzKs6bbeWeXxcqE+n7Jog==", "name": "libsepol", "version": "3.6-2.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.6-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "de44cUqF23LvU0fOSvNRjA==": { "id": "de44cUqF23LvU0fOSvNRjA==", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-8.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eK3V3oi6vbIfOQRAcWBYDw==": { "id": "eK3V3oi6vbIfOQRAcWBYDw==", "name": "glibc-common", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eRa7MZyiHBvsv7GPhkGKdg==": { "id": "eRa7MZyiHBvsv7GPhkGKdg==", "name": "lua-libs", "version": "5.4.4-4.el9", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eaygsCP+5IpdIryvw94Tcw==": { "id": "eaygsCP+5IpdIryvw94Tcw==", "name": "rootfiles", "version": "8.1-34.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-34.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f8lJd/yoDqE6O0RUQGqkpQ==": { "id": "f8lJd/yoDqE6O0RUQGqkpQ==", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.26-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsKPriszRNKAqMnHK+dXgw==": { "id": "gsKPriszRNKAqMnHK+dXgw==", "name": "libksba", "version": "1.5.1-7.el9", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTD/lpKAM3AZEWh+zVx2tg==": { "id": "iTD/lpKAM3AZEWh+zVx2tg==", "name": "librepo", "version": "1.14.5-2.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iVtx1BX52G3zRfk+g/oWIg==": { "id": "iVtx1BX52G3zRfk+g/oWIg==", "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.2.2-6.el9_5.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iaJm7Mdk9UadnBII0ZwMeA==": { "id": "iaJm7Mdk9UadnBII0ZwMeA==", "name": "dnf-data", "version": "4.14.0-25.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "izPQpATHYfezyT+kcua/tQ==": { "id": "izPQpATHYfezyT+kcua/tQ==", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.8.3-6.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jAjaNW7NMGiv7HfByDu4RQ==": { "id": "jAjaNW7NMGiv7HfByDu4RQ==", "name": "alternatives", "version": "1.24-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.24-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kAEPeyZOK/FwFoG6mOFUbQ==": { "id": "kAEPeyZOK/FwFoG6mOFUbQ==", "name": "libcap", "version": "2.48-9.el9_2", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-9.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kFxhSjWy84mTZBM4XiZaeQ==": { "id": "kFxhSjWy84mTZBM4XiZaeQ==", "name": "setup", "version": "2.13.7-10.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kgbITSeRtKiT7enG8buGXw==": { "id": "kgbITSeRtKiT7enG8buGXw==", "name": "libcom_err", "version": "1.46.5-7.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kp6BaioAZ30jbVeZkkzokA==": { "id": "kp6BaioAZ30jbVeZkkzokA==", "name": "libzstd", "version": "1.5.5-1.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kvpHJLhsWpgEBJjx168pDg==": { "id": "kvpHJLhsWpgEBJjx168pDg==", "name": "tzdata", "version": "2025b-1.el9", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025b-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lI6hCbIwETVhCFhL4BxyiQ==": { "id": "lI6hCbIwETVhCFhL4BxyiQ==", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lad8JH31WlI0MsNEYhUWlA==": { "id": "lad8JH31WlI0MsNEYhUWlA==", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-168.el9_6.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mDM1q1sl0PqUWEn54kTSRw==": { "id": "mDM1q1sl0PqUWEn54kTSRw==", "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-31.el9_6.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzQEyt4JfkGeZIIHPiBhog==": { "id": "nzQEyt4JfkGeZIIHPiBhog==", "name": "libuuid", "version": "2.37.4-21.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nzlusFbkan5h1d1Ks+BKBQ==": { "id": "nzlusFbkan5h1d1Ks+BKBQ==", "name": "ncurses-libs", "version": "6.2-10.20210508.el9_6.2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-10.20210508.el9_6.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pYM7mYzFYUjRrK74RyhfOw==": { "id": "pYM7mYzFYUjRrK74RyhfOw==", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.6-0.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rCLp3m64Catai9VuHvh3Lw==": { "id": "rCLp3m64Catai9VuHvh3Lw==", "name": "keyutils-libs", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "v3i4ez5juML2ZWwR+6dFFg==": { "id": "v3i4ez5juML2ZWwR+6dFFg==", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wCA3gMNtInqX1xg18QcnQg==": { "id": "wCA3gMNtInqX1xg18QcnQg==", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2024.2.69_v8.0.303-91.4.el9_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wfJGCqOH8d+IYg/dAepx1A==": { "id": "wfJGCqOH8d+IYg/dAepx1A==", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-6.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xSopjH0yPtbnx33MBmtmuA==": { "id": "xSopjH0yPtbnx33MBmtmuA==", "name": "rpm-libs", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xhMgwxa+ubXlCA6s9XfRgw==": { "id": "xhMgwxa+ubXlCA6s9XfRgw==", "name": "cyrus-sasl-lib", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yEp9fQVFIQAEDPCwC3GLmA==": { "id": "yEp9fQVFIQAEDPCwC3GLmA==", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.6-5.el9_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zPvTALB8qlNtHa1j2iT5Zg==": { "id": "zPvTALB8qlNtHa1j2iT5Zg==", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "2d8b0a46-2d35-457e-ae86-74ba170d43f4": { "id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "8a4497ef-3334-47fd-97e1-0a75e168b0a1": { "id": "8a4497ef-3334-47fd-97e1-0a75e168b0a1", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "a93baef5-6406-4188-b490-5f4f035daffd": { "id": "a93baef5-6406-4188-b490-5f4f035daffd", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" } }, "environments": { "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "+X1MdmtPTbyDb/wq7joJhA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "+bwl6UbMaWOBWdHNekJsEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/O7rOBo1qRMFm3q3Kf3mEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/h/TBQhfoSMCmey5oN87jA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "/ub7EE8Da46T0x7lRdlVJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "0T19Aon0dgLleTpQjLWzKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "1atoBfoH0mJ0bCpetQ7/0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "2gCbp4kt+cF44NF/LqukDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "5+tHFkkNi+1rUDSrmgYdkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "5fhQlRzIg/IB8EVM2pFIZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "6WyRl8U3PR6ipKlxqlBzFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7cpIREEQnkaI7dbmWgmrvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7mDaaxs3ev+uNEDYC97U3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7ra56f21gLrcSpBD8a9+NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "7vssDPaHKfFKMLimKBo7Gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "8uME+PFu6p/OAD7q+ZTVLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "9olIUlLHZMdoUMju+8diyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "BRLVvSCW1qZQlEQR2x48fQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "CpfomSYboaXPZ9yn9NgGgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "FZ9gWulzkx76xjTSH/yM/g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "FrUQI+koTfbikRk1jsFd0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "HQdWvmyUSqtI3UTY0T4JiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "IZ65O3ZOapykHwhaOX1/YA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "KXUGN6voGlWUMRN5TCFy4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "M9YTWinowLqOqX/+8mbhjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "O1acB+rpl9OLkk9I6phF7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "OCIjbR16ktOEiFK36r0WNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "OaFmq38HlbKLTTEM/qATzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "Ohssf0Jzlafd9vtrrUKCXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "PIk2BBAWexCFofMi5q03RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "PZXvGa4khHd2n6o73hJ/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "RXh3fimX8fGZeCt4chJEiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "S8p9UGak1oycptcpYp/1eg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "Su8bfW9ijc0V5CiAum2V1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "VX9V+Y680L2xf2tBREdpCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XG5+bW8np2NedSy/od6z8Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XJlS+gwEt7T+nNr/Bflqzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XMkvB1ljVS0bNTUu2UEs3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "ZabCZVOpeuHGnRiGdzqBig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "arLt5War9yeQ8auYn/Idmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "ayTA+mXRKgSCRl5LaqP4/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "bemGVBhbDe9iV1Kjvd9hAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "bgzKs6bbeWeXxcqE+n7Jog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "de44cUqF23LvU0fOSvNRjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "eK3V3oi6vbIfOQRAcWBYDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "eRa7MZyiHBvsv7GPhkGKdg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "eaygsCP+5IpdIryvw94Tcw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "f8lJd/yoDqE6O0RUQGqkpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "gsKPriszRNKAqMnHK+dXgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "iTD/lpKAM3AZEWh+zVx2tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "iVtx1BX52G3zRfk+g/oWIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "iaJm7Mdk9UadnBII0ZwMeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "izPQpATHYfezyT+kcua/tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "jAjaNW7NMGiv7HfByDu4RQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kFxhSjWy84mTZBM4XiZaeQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kgbITSeRtKiT7enG8buGXw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kp6BaioAZ30jbVeZkkzokA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "kvpHJLhsWpgEBJjx168pDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "lI6hCbIwETVhCFhL4BxyiQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "lad8JH31WlI0MsNEYhUWlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "mDM1q1sl0PqUWEn54kTSRw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "nzQEyt4JfkGeZIIHPiBhog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "nzlusFbkan5h1d1Ks+BKBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "pYM7mYzFYUjRrK74RyhfOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "rCLp3m64Catai9VuHvh3Lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "v3i4ez5juML2ZWwR+6dFFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "wCA3gMNtInqX1xg18QcnQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "wfJGCqOH8d+IYg/dAepx1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "xSopjH0yPtbnx33MBmtmuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "xhMgwxa+ubXlCA6s9XfRgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "yEp9fQVFIQAEDPCwC3GLmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ], "zPvTALB8qlNtHa1j2iT5Zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "2d8b0a46-2d35-457e-ae86-74ba170d43f4", "repository_ids": [ "a93baef5-6406-4188-b490-5f4f035daffd", "8a4497ef-3334-47fd-97e1-0a75e168b0a1" ] }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:2920d84eafa0cf94806ab58f0a2124f7b2d35bcbb06fc89a9106dcc28efe397a", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+TrS27bZKgEeir9pISurnQ==": { "id": "+TrS27bZKgEeir9pISurnQ==", "updater": "rhel-vex", "name": "CVE-2026-5773", "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5773 https://bugzilla.redhat.com/show_bug.cgi?id=2461201 https://www.cve.org/CVERecord?id=CVE-2026-5773 https://nvd.nist.gov/vuln/detail/CVE-2026-5773 https://curl.se/docs/CVE-2026-5773.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5773.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+U7CyAHaY71mhNm2Xnq2uw==": { "id": "+U7CyAHaY71mhNm2Xnq2uw==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "+UOyQgpOAnrWS+mVMK5k1Q==": { "id": "+UOyQgpOAnrWS+mVMK5k1Q==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "/jvSCV2RwJ6c/Llx9z8uvA==": { "id": "/jvSCV2RwJ6c/Llx9z8uvA==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "0E1VjQWdmolR9lr9ElIZZQ==": { "id": "0E1VjQWdmolR9lr9ElIZZQ==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1/8/Mjb4nleg0SsOivHAww==": { "id": "1/8/Mjb4nleg0SsOivHAww==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "1hhG+RKT0fsxlS/Wf/LWEA==": { "id": "1hhG+RKT0fsxlS/Wf/LWEA==", "updater": "rhel-vex", "name": "CVE-2026-0861", "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "issued": "2026-01-14T21:01:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0861 https://bugzilla.redhat.com/show_bug.cgi?id=2429771 https://www.cve.org/CVERecord?id=CVE-2026-0861 https://nvd.nist.gov/vuln/detail/CVE-2026-0861 https://sourceware.org/bugzilla/show_bug.cgi?id=33796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0861.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "1npmxgSnoYj2MyAhQMaE7g==": { "id": "1npmxgSnoYj2MyAhQMaE7g==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3UNcgW64Eji4iyY2ZDB1cg==": { "id": "3UNcgW64Eji4iyY2ZDB1cg==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3bb0a18NQSPWO0aeq9twVw==": { "id": "3bb0a18NQSPWO0aeq9twVw==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "429KD7e1Cl6AyUZNBGOTQw==": { "id": "429KD7e1Cl6AyUZNBGOTQw==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "4u3exWl+MPcCOYOgbQLM+A==": { "id": "4u3exWl+MPcCOYOgbQLM+A==", "updater": "rhel-vex", "name": "CVE-2025-69419", "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69419 https://bugzilla.redhat.com/show_bug.cgi?id=2430386 https://www.cve.org/CVERecord?id=CVE-2025-69419 https://nvd.nist.gov/vuln/detail/CVE-2025-69419 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69419.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "59oEBlU3jh6EL6gtZDUaug==": { "id": "59oEBlU3jh6EL6gtZDUaug==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5BksN0izCeDRrtFMsNCyvg==": { "id": "5BksN0izCeDRrtFMsNCyvg==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5amguv6OT1njd8r+RXMCQQ==": { "id": "5amguv6OT1njd8r+RXMCQQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "66LeUA2b+ILx/Qsv0eSJ5w==": { "id": "66LeUA2b+ILx/Qsv0eSJ5w==", "updater": "rhel-vex", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "2026-04-30T17:29:25Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762 https://www.cve.org/CVERecord?id=CVE-2026-3832 https://nvd.nist.gov/vuln/detail/CVE-2026-3832 https://gitlab.com/gnutls/gnutls/-/issues/1801 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3832.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6rEIsdyQtCC456AuGwgsDQ==": { "id": "6rEIsdyQtCC456AuGwgsDQ==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "72HhoIyfPMwkQyR2IF7qqw==": { "id": "72HhoIyfPMwkQyR2IF7qqw==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json https://access.redhat.com/errata/RHSA-2026:12441", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-10.el9_7.1", "arch_op": "pattern match" }, "76mWuVYhbmIFsc4DNorK9A==": { "id": "76mWuVYhbmIFsc4DNorK9A==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "76z9Mpn8Jp7lhZSPsHTHug==": { "id": "76z9Mpn8Jp7lhZSPsHTHug==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "78ARTcr/iVbEbtXWNEyadA==": { "id": "78ARTcr/iVbEbtXWNEyadA==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "7aI+wyLEqkIPj2Wh4f1UKg==": { "id": "7aI+wyLEqkIPj2Wh4f1UKg==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7eKrcl3YwGJqhWmZNbH7Eg==": { "id": "7eKrcl3YwGJqhWmZNbH7Eg==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "8MfvwX+dRI6Qt2H+x71rZg==": { "id": "8MfvwX+dRI6Qt2H+x71rZg==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZCpE1M7eqNdy615aO2gLQ==": { "id": "8ZCpE1M7eqNdy615aO2gLQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9bjl4H6CMWLL3h1g5y6i9Q==": { "id": "9bjl4H6CMWLL3h1g5y6i9Q==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9iigvnuYDaC8UzcOIDLjIQ==": { "id": "9iigvnuYDaC8UzcOIDLjIQ==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "APh1+6yq/mlF0fXLxUkIDw==": { "id": "APh1+6yq/mlF0fXLxUkIDw==", "updater": "rhel-vex", "name": "CVE-2026-41989", "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.", "issued": "2026-04-23T04:30:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41989 https://bugzilla.redhat.com/show_bug.cgi?id=2461063 https://www.cve.org/CVERecord?id=CVE-2026-41989 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 https://dev.gnupg.org/T8211 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41989.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Argl342WI7oZtgSo+p9kMA==": { "id": "Argl342WI7oZtgSo+p9kMA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BheYJlsY7UG2Ru8eF1IU4g==": { "id": "BheYJlsY7UG2Ru8eF1IU4g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "D7U85Qc3CYAscEzhSfT76A==": { "id": "D7U85Qc3CYAscEzhSfT76A==", "updater": "rhel-vex", "name": "CVE-2025-15467", "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "issued": "2026-01-27T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15467 https://bugzilla.redhat.com/show_bug.cgi?id=2430376 https://www.cve.org/CVERecord?id=CVE-2025-15467 https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DTApvRZh1HJD5XbbpU3ahw==": { "id": "DTApvRZh1HJD5XbbpU3ahw==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DXoWfwXPN9ZCvCU/obObKQ==": { "id": "DXoWfwXPN9ZCvCU/obObKQ==", "updater": "rhel-vex", "name": "CVE-2026-4878", "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "issued": "2026-04-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2451615 https://www.cve.org/CVERecord?id=CVE-2026-4878 https://nvd.nist.gov/vuln/detail/CVE-2026-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2447554 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json https://access.redhat.com/errata/RHSA-2026:12441", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-10.el9_7.1", "arch_op": "pattern match" }, "DrIVK8+yvV91OzF2CS9o5A==": { "id": "DrIVK8+yvV91OzF2CS9o5A==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Eh3WlvVSpgyvj1kaA5So7g==": { "id": "Eh3WlvVSpgyvj1kaA5So7g==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Ez8lHT2uV9Tf9vJC/T4WXg==": { "id": "Ez8lHT2uV9Tf9vJC/T4WXg==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F4WBuBnk4OQIl1a5Q4CVPg==": { "id": "F4WBuBnk4OQIl1a5Q4CVPg==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FLpBF1y0CvCfFuXOmlaRZw==": { "id": "FLpBF1y0CvCfFuXOmlaRZw==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "FQwXyPZ+oHyxQZ9RBQXbpw==": { "id": "FQwXyPZ+oHyxQZ9RBQXbpw==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GWKQvGJTKzyU9GiQECoFhg==": { "id": "GWKQvGJTKzyU9GiQECoFhg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "H1wshPoazj8pmzsnWAztZA==": { "id": "H1wshPoazj8pmzsnWAztZA==", "updater": "rhel-vex", "name": "CVE-2026-6276", "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6276 https://bugzilla.redhat.com/show_bug.cgi?id=2461203 https://www.cve.org/CVERecord?id=CVE-2026-6276 https://nvd.nist.gov/vuln/detail/CVE-2026-6276 https://curl.se/docs/CVE-2026-6276.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6276.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IFUwSX5dX69QHRHfvOeQDg==": { "id": "IFUwSX5dX69QHRHfvOeQDg==", "updater": "rhel-vex", "name": "CVE-2026-6429", "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6429 https://bugzilla.redhat.com/show_bug.cgi?id=2461205 https://www.cve.org/CVERecord?id=CVE-2026-6429 https://nvd.nist.gov/vuln/detail/CVE-2026-6429 https://curl.se/docs/CVE-2026-6429.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6429.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ie7rkr8oApZOM9PK2gFB6A==": { "id": "Ie7rkr8oApZOM9PK2gFB6A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IrRjtVOpf04EO7iAKFAznQ==": { "id": "IrRjtVOpf04EO7iAKFAznQ==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "Iy2V+5RC7ENxxmnS9KdBOw==": { "id": "Iy2V+5RC7ENxxmnS9KdBOw==", "updater": "rhel-vex", "name": "CVE-2026-0915", "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "issued": "2026-01-15T22:08:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0915 https://bugzilla.redhat.com/show_bug.cgi?id=2430201 https://www.cve.org/CVERecord?id=CVE-2026-0915 https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://sourceware.org/bugzilla/show_bug.cgi?id=33802 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0915.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "JK4fCJz1Ja5lmfE/vF5PcQ==": { "id": "JK4fCJz1Ja5lmfE/vF5PcQ==", "updater": "rhel-vex", "name": "CVE-2025-66199", "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66199 https://bugzilla.redhat.com/show_bug.cgi?id=2430379 https://www.cve.org/CVERecord?id=CVE-2025-66199 https://nvd.nist.gov/vuln/detail/CVE-2025-66199 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66199.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "JqWXvYyB4T300h7KRcWtFA==": { "id": "JqWXvYyB4T300h7KRcWtFA==", "updater": "rhel-vex", "name": "CVE-2025-13601", "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "issued": "2025-11-24T13:00:15Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13601 https://bugzilla.redhat.com/show_bug.cgi?id=2416741 https://www.cve.org/CVERecord?id=CVE-2025-13601 https://nvd.nist.gov/vuln/detail/CVE-2025-13601 https://gitlab.gnome.org/GNOME/glib/-/issues/3827 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13601.json https://access.redhat.com/errata/RHSA-2026:0936", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-18.el9_7.1", "arch_op": "pattern match" }, "Jrkns8qeStFRPhcitcuZ4w==": { "id": "Jrkns8qeStFRPhcitcuZ4w==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KCgZ2MK707GRfjAO2Q3SOA==": { "id": "KCgZ2MK707GRfjAO2Q3SOA==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "KMGV9rbVZ/vVUNSX6f+JqA==": { "id": "KMGV9rbVZ/vVUNSX6f+JqA==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L1pkWyFlg006sdV2pKTg4A==": { "id": "L1pkWyFlg006sdV2pKTg4A==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-fips-provider", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LeWRqc+lggRL8KnG53e6CA==": { "id": "LeWRqc+lggRL8KnG53e6CA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "Lhc4n2a9ma6eRDB/RCRmLQ==": { "id": "Lhc4n2a9ma6eRDB/RCRmLQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "LuirMfnv2JkWFEU8MUuKUQ==": { "id": "LuirMfnv2JkWFEU8MUuKUQ==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LxYgcRll4fEnbCHHZWt4BA==": { "id": "LxYgcRll4fEnbCHHZWt4BA==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "M293c+QguJ/aaYP3cMwfyQ==": { "id": "M293c+QguJ/aaYP3cMwfyQ==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MT27FBW6q+x91HBvTyGVKQ==": { "id": "MT27FBW6q+x91HBvTyGVKQ==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "N7otM4CJgwQwy0Mz0UA3Vw==": { "id": "N7otM4CJgwQwy0Mz0UA3Vw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "NrTzMmbWyM5UeSvnQVNLOg==": { "id": "NrTzMmbWyM5UeSvnQVNLOg==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OB9n4NdBrq+3wlcM9+90Dg==": { "id": "OB9n4NdBrq+3wlcM9+90Dg==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "PUCpgzV2LGcCb5yPJbawGw==": { "id": "PUCpgzV2LGcCb5yPJbawGw==", "updater": "rhel-vex", "name": "CVE-2025-68973", "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "issued": "2025-12-28T16:19:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68973 https://bugzilla.redhat.com/show_bug.cgi?id=2425966 https://www.cve.org/CVERecord?id=CVE-2025-68973 https://nvd.nist.gov/vuln/detail/CVE-2025-68973 https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://gpg.fail/memcpy https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68973.json https://access.redhat.com/errata/RHSA-2026:0719", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.3.3-5.el9_7", "arch_op": "pattern match" }, "PrCrIesi0sSvMQjPpvxecw==": { "id": "PrCrIesi0sSvMQjPpvxecw==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q6o565VsHFcmyuOW6jCOGw==": { "id": "Q6o565VsHFcmyuOW6jCOGw==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "QSP4YGVknCXnnhDrDAxftg==": { "id": "QSP4YGVknCXnnhDrDAxftg==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json https://access.redhat.com/errata/RHSA-2025:22660", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.7", "arch_op": "pattern match" }, "Qbjoqw6Ot3cGOKNyQYBo4g==": { "id": "Qbjoqw6Ot3cGOKNyQYBo4g==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QskDoDnTSvrQeDXklM4YOw==": { "id": "QskDoDnTSvrQeDXklM4YOw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RHShqbO2hqcBNPYbKDg/3A==": { "id": "RHShqbO2hqcBNPYbKDg/3A==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SYSyRuW2vXdWcXLSfRP1aQ==": { "id": "SYSyRuW2vXdWcXLSfRP1aQ==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "T+jfDhqJcXwVQ38oWEz/6g==": { "id": "T+jfDhqJcXwVQ38oWEz/6g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TccjTp2Y8sTyWrjrm24IKA==": { "id": "TccjTp2Y8sTyWrjrm24IKA==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libmount", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "TwoNniaY2Urt7TF64epJXg==": { "id": "TwoNniaY2Urt7TF64epJXg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYGbkY0i6P3tRJd9mM1wNg==": { "id": "VYGbkY0i6P3tRJd9mM1wNg==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WP0Zjo/ORuC7+jbSIrru8A==": { "id": "WP0Zjo/ORuC7+jbSIrru8A==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "Wt2cDYMEpulwA9twmA26Tg==": { "id": "Wt2cDYMEpulwA9twmA26Tg==", "updater": "rhel-vex", "name": "CVE-2026-31790", "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31790 https://bugzilla.redhat.com/show_bug.cgi?id=2451094 https://www.cve.org/CVERecord?id=CVE-2026-31790 https://nvd.nist.gov/vuln/detail/CVE-2026-31790 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-fips-provider", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "X4Ym25zfqcH7/samBN+yPw==": { "id": "X4Ym25zfqcH7/samBN+yPw==", "updater": "rhel-vex", "name": "CVE-2026-5545", "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5545 https://bugzilla.redhat.com/show_bug.cgi?id=2461204 https://www.cve.org/CVERecord?id=CVE-2026-5545 https://nvd.nist.gov/vuln/detail/CVE-2026-5545 https://curl.se/docs/CVE-2026-5545.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5545.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X7DmUVoCri5i6vdYVBBgXg==": { "id": "X7DmUVoCri5i6vdYVBBgXg==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XdzUGUJMTsfPfs79OXKU4Q==": { "id": "XdzUGUJMTsfPfs79OXKU4Q==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "YIlv6HIDfGqvZL/MDTWWpg==": { "id": "YIlv6HIDfGqvZL/MDTWWpg==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YX2rGofSXHBcNhTOGpNkAA==": { "id": "YX2rGofSXHBcNhTOGpNkAA==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "YtNpM5pykErH+UBXZABWdg==": { "id": "YtNpM5pykErH+UBXZABWdg==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aOUfuyvyyWEe7Z1IZT+fGw==": { "id": "aOUfuyvyyWEe7Z1IZT+fGw==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ae3lHA7MmabWs4AIbhandQ==": { "id": "ae3lHA7MmabWs4AIbhandQ==", "updater": "rhel-vex", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "2026-04-30T17:26:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3833 https://bugzilla.redhat.com/show_bug.cgi?id=2445763 https://www.cve.org/CVERecord?id=CVE-2026-3833 https://nvd.nist.gov/vuln/detail/CVE-2026-3833 https://gitlab.com/gnutls/gnutls/-/issues/1803 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3833.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bOC69k4Gpn8Av1w/ra2Tdw==": { "id": "bOC69k4Gpn8Av1w/ra2Tdw==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bgJs7DKkcMwNTsh9yTDgQg==": { "id": "bgJs7DKkcMwNTsh9yTDgQg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "bjyLMZdYnkrpUxDySiQ34Q==": { "id": "bjyLMZdYnkrpUxDySiQ34Q==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "bugTfOdgCaATW4vTnuXTSQ==": { "id": "bugTfOdgCaATW4vTnuXTSQ==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d/522T+B/ARMNSG+3QfAWA==": { "id": "d/522T+B/ARMNSG+3QfAWA==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d0nPfXoEZybRuV9TMDY3YQ==": { "id": "d0nPfXoEZybRuV9TMDY3YQ==", "updater": "rhel-vex", "name": "CVE-2026-6253", "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6253 https://bugzilla.redhat.com/show_bug.cgi?id=2461202 https://www.cve.org/CVERecord?id=CVE-2026-6253 https://nvd.nist.gov/vuln/detail/CVE-2026-6253 https://curl.se/docs/CVE-2026-6253.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6253.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e/EuZlSZUQTHCSl8kHuFag==": { "id": "e/EuZlSZUQTHCSl8kHuFag==", "updater": "rhel-vex", "name": "CVE-2025-11187", "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11187 https://bugzilla.redhat.com/show_bug.cgi?id=2430375 https://www.cve.org/CVERecord?id=CVE-2025-11187 https://nvd.nist.gov/vuln/detail/CVE-2025-11187 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11187.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "e0/Fzu8wfMZp9zX32i9rMQ==": { "id": "e0/Fzu8wfMZp9zX32i9rMQ==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eUh0vSDVmqXTnsB7jL0b4g==": { "id": "eUh0vSDVmqXTnsB7jL0b4g==", "updater": "rhel-vex", "name": "CVE-2026-5121", "description": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.", "issued": "2026-03-30T07:44:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5121 https://bugzilla.redhat.com/show_bug.cgi?id=2452945 https://www.cve.org/CVERecord?id=CVE-2026-5121 https://nvd.nist.gov/vuln/detail/CVE-2026-5121 https://github.com/advisories/GHSA-2vwv-vqpv-v8vc https://github.com/libarchive/libarchive/pull/2934 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5121.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "f6oGdnhZomBa/bs3snB3kA==": { "id": "f6oGdnhZomBa/bs3snB3kA==", "updater": "rhel-vex", "name": "CVE-2025-14831", "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "issued": "2026-02-09T14:26:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177 https://www.cve.org/CVERecord?id=CVE-2025-14831 https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://gitlab.com/gnutls/gnutls/-/issues/1773 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14831.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "fFM0zIKtKuexRqlZMkzQpg==": { "id": "fFM0zIKtKuexRqlZMkzQpg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "g6ZHihkpvpkr3oZoVOs05w==": { "id": "g6ZHihkpvpkr3oZoVOs05w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "gg6QYPBlPoN8zpwNyr7x6w==": { "id": "gg6QYPBlPoN8zpwNyr7x6w==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "hHDtCxiuvJ9VSCSwnEG0Fw==": { "id": "hHDtCxiuvJ9VSCSwnEG0Fw==", "updater": "rhel-vex", "name": "CVE-2026-27135", "description": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "issued": "2026-03-18T17:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27135 https://bugzilla.redhat.com/show_bug.cgi?id=2448754 https://www.cve.org/CVERecord?id=CVE-2026-27135 https://nvd.nist.gov/vuln/detail/CVE-2026-27135 https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json https://access.redhat.com/errata/RHSA-2026:7668", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-6.el9_7.1", "arch_op": "pattern match" }, "iF/o4aDbQf1DAw7R+LiVQw==": { "id": "iF/o4aDbQf1DAw7R+LiVQw==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icr9XD5DN3YDWvP3naYL+g==": { "id": "icr9XD5DN3YDWvP3naYL+g==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ija3h8P09PxwjEuLSUS2HA==": { "id": "ija3h8P09PxwjEuLSUS2HA==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixD2h349uZz3eCy55KxIlw==": { "id": "ixD2h349uZz3eCy55KxIlw==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j/vFtwZCr4ow5q2VPKgR9g==": { "id": "j/vFtwZCr4ow5q2VPKgR9g==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ki2PMarj2WoMKDbw3+XV3A==": { "id": "ki2PMarj2WoMKDbw3+XV3A==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json https://access.redhat.com/errata/RHSA-2026:13677", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-55.el9_7.9", "arch_op": "pattern match" }, "klH60uFrR0WkawaSlcOEKg==": { "id": "klH60uFrR0WkawaSlcOEKg==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l1pK1ezh6e0g8I+Dp2iK7w==": { "id": "l1pK1ezh6e0g8I+Dp2iK7w==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "l6IrI73Pg+lrisEtcgX+0Q==": { "id": "l6IrI73Pg+lrisEtcgX+0Q==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lQBARBTddFvexevUD04GZA==": { "id": "lQBARBTddFvexevUD04GZA==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lppk3oI+Rm/KVCEYBGVKcg==": { "id": "lppk3oI+Rm/KVCEYBGVKcg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mJw+LvAbCoVMIOZXCXNFpg==": { "id": "mJw+LvAbCoVMIOZXCXNFpg==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mYgwcPpa/l0bTZdysqbplg==": { "id": "mYgwcPpa/l0bTZdysqbplg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json https://access.redhat.com/errata/RHSA-2025:22376", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-14.el9_7", "arch_op": "pattern match" }, "mZCCwO//htsOIXazj/SeOw==": { "id": "mZCCwO//htsOIXazj/SeOw==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ncqqUTuMttuUZ8SF9/Ywrg==": { "id": "ncqqUTuMttuUZ8SF9/Ywrg==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFIYjZJeFnLAVC7lR0n6oQ==": { "id": "qFIYjZJeFnLAVC7lR0n6oQ==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rz/CPeG1fPitayrSa0BFxQ==": { "id": "rz/CPeG1fPitayrSa0BFxQ==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json https://access.redhat.com/errata/RHSA-2026:1350", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-35.el9_7.3", "arch_op": "pattern match" }, "sJNoOKrtqJYf9M2tWcTlqg==": { "id": "sJNoOKrtqJYf9M2tWcTlqg==", "updater": "rhel-vex", "name": "CVE-2025-15281", "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "issued": "2026-01-20T13:22:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15281 https://bugzilla.redhat.com/show_bug.cgi?id=2431196 https://www.cve.org/CVERecord?id=CVE-2025-15281 https://nvd.nist.gov/vuln/detail/CVE-2025-15281 https://sourceware.org/bugzilla/show_bug.cgi?id=33814 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15281.json https://access.redhat.com/errata/RHSA-2026:2786", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-231.el9_7.10", "arch_op": "pattern match" }, "smB1yCGhBb8gDhPAER7odg==": { "id": "smB1yCGhBb8gDhPAER7odg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "svCt47J2Zwa45xj8gn3U/w==": { "id": "svCt47J2Zwa45xj8gn3U/w==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sykv+pGN4TXggZNIwL/H4g==": { "id": "sykv+pGN4TXggZNIwL/H4g==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u0cs09LPRVEEfen4PHM6gA==": { "id": "u0cs09LPRVEEfen4PHM6gA==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u90uEyQ6vxfKeIQvjGNTHQ==": { "id": "u90uEyQ6vxfKeIQvjGNTHQ==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "uWz4SaM79VpO4EPAy+0C8g==": { "id": "uWz4SaM79VpO4EPAy+0C8g==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uaetuJImncB6wudykQLpEA==": { "id": "uaetuJImncB6wudykQLpEA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uu3d3lIlYVCZwOjqoNec3g==": { "id": "uu3d3lIlYVCZwOjqoNec3g==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libblkid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "vljECkHLXvnkFYEiPVK0gQ==": { "id": "vljECkHLXvnkFYEiPVK0gQ==", "updater": "rhel-vex", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "2026-04-30T17:28:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33845 https://bugzilla.redhat.com/show_bug.cgi?id=2450624 https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vnI8VBZMnSK/Spr6qFIUOA==": { "id": "vnI8VBZMnSK/Spr6qFIUOA==", "updater": "rhel-vex", "name": "CVE-2026-4873", "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4873 https://bugzilla.redhat.com/show_bug.cgi?id=2461200 https://www.cve.org/CVERecord?id=CVE-2026-4873 https://nvd.nist.gov/vuln/detail/CVE-2026-4873 https://curl.se/docs/CVE-2026-4873.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4873.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vtpIIEEoAREfzDi0+K26Fg==": { "id": "vtpIIEEoAREfzDi0+K26Fg==", "updater": "rhel-vex", "name": "CVE-2026-4424", "description": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://www.cve.org/CVERecord?id=CVE-2026-4424 https://nvd.nist.gov/vuln/detail/CVE-2026-4424 https://github.com/libarchive/libarchive/pull/2898 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json https://access.redhat.com/errata/RHSA-2026:8510", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-9.el9_7", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y/3qWQj3xOUQpm2CUr+ftg==": { "id": "y/3qWQj3xOUQpm2CUr+ftg==", "updater": "rhel-vex", "name": "CVE-2025-9820", "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "issued": "2025-11-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9820 https://bugzilla.redhat.com/show_bug.cgi?id=2392528 https://www.cve.org/CVERecord?id=CVE-2025-9820 https://nvd.nist.gov/vuln/detail/CVE-2025-9820 https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9820.json https://access.redhat.com/errata/RHSA-2026:4188", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-10.el9_7", "arch_op": "pattern match" }, "y7I268PAr74OoToX85XE8w==": { "id": "y7I268PAr74OoToX85XE8w==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json https://access.redhat.com/errata/RHSA-2026:1473", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-7.el9_7", "arch_op": "pattern match" }, "yUucg71orzE08FiDgaKBPQ==": { "id": "yUucg71orzE08FiDgaKBPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "ymKqobod4xPivmLT/iq9oQ==": { "id": "ymKqobod4xPivmLT/iq9oQ==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yzZzF1vLZmeTiLJMgY7W0Q==": { "id": "yzZzF1vLZmeTiLJMgY7W0Q==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "z/beWyrkyrQJfgGCkMIsWg==": { "id": "z/beWyrkyrQJfgGCkMIsWg==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libsmartcols", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "zmNQpHydwXFAJmLcFFYiyQ==": { "id": "zmNQpHydwXFAJmLcFFYiyQ==", "updater": "rhel-vex", "name": "CVE-2025-14104", "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14104 https://bugzilla.redhat.com/show_bug.cgi?id=2419369 https://www.cve.org/CVERecord?id=CVE-2025-14104 https://nvd.nist.gov/vuln/detail/CVE-2025-14104 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14104.json https://access.redhat.com/errata/RHSA-2026:1913", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libuuid", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.37.4-21.el9_7", "arch_op": "pattern match" }, "znnZtQrOfSxqGV/OZKzI5g==": { "id": "znnZtQrOfSxqGV/OZKzI5g==", "updater": "rhel-vex", "name": "CVE-2026-4111", "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "issued": "2026-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4111 https://bugzilla.redhat.com/show_bug.cgi?id=2446453 https://www.cve.org/CVERecord?id=CVE-2026-4111 https://nvd.nist.gov/vuln/detail/CVE-2026-4111 https://github.com/libarchive/libarchive/pull/2877 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4111.json https://access.redhat.com/errata/RHSA-2026:5080", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-7.el9_7", "arch_op": "pattern match" }, "zqGJegkbTlVqcHBa6HtRTQ==": { "id": "zqGJegkbTlVqcHBa6HtRTQ==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+bwl6UbMaWOBWdHNekJsEw==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "/L1kFEoHZTukrNTCQLypFQ==": [ "aOUfuyvyyWEe7Z1IZT+fGw==" ], "/ub7EE8Da46T0x7lRdlVJg==": [ "z/beWyrkyrQJfgGCkMIsWg==", "T+jfDhqJcXwVQ38oWEz/6g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "2gCbp4kt+cF44NF/LqukDg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "6WyRl8U3PR6ipKlxqlBzFA==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "7mDaaxs3ev+uNEDYC97U3Q==": [ "1npmxgSnoYj2MyAhQMaE7g==" ], "7ra56f21gLrcSpBD8a9+NQ==": [ "BheYJlsY7UG2Ru8eF1IU4g==", "TccjTp2Y8sTyWrjrm24IKA==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "CpfomSYboaXPZ9yn9NgGgw==": [ "lppk3oI+Rm/KVCEYBGVKcg==", "7aI+wyLEqkIPj2Wh4f1UKg==" ], "FZ9gWulzkx76xjTSH/yM/g==": [ "L1pkWyFlg006sdV2pKTg4A==", "Wt2cDYMEpulwA9twmA26Tg==" ], "FrUQI+koTfbikRk1jsFd0w==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "IZ65O3ZOapykHwhaOX1/YA==": [ "hHDtCxiuvJ9VSCSwnEG0Fw==" ], "KXUGN6voGlWUMRN5TCFy4w==": [ "ki2PMarj2WoMKDbw3+XV3A==", "QSP4YGVknCXnnhDrDAxftg==", "gg6QYPBlPoN8zpwNyr7x6w==", "DrIVK8+yvV91OzF2CS9o5A==", "QskDoDnTSvrQeDXklM4YOw==" ], "M9YTWinowLqOqX/+8mbhjg==": [ "LeWRqc+lggRL8KnG53e6CA==", "g6ZHihkpvpkr3oZoVOs05w==", "HxI42iSjURjRki+uV6q/9w==", "bugTfOdgCaATW4vTnuXTSQ==" ], "O1acB+rpl9OLkk9I6phF7Q==": [ "WxO9le6q4ACTs4KnSuckDw==" ], "OCIjbR16ktOEiFK36r0WNw==": [ "LuirMfnv2JkWFEU8MUuKUQ==" ], "OaFmq38HlbKLTTEM/qATzg==": [ "rz/CPeG1fPitayrSa0BFxQ==", "l1pK1ezh6e0g8I+Dp2iK7w==", "Pza9Y2xtH9MChVMkZwgw2A==", "8MfvwX+dRI6Qt2H+x71rZg==", "X4Ym25zfqcH7/samBN+yPw==", "H1wshPoazj8pmzsnWAztZA==", "a9FllBAJiFi5FeYl0KG4aQ==", "X7DmUVoCri5i6vdYVBBgXg==", "smB1yCGhBb8gDhPAER7odg==", "zqGJegkbTlVqcHBa6HtRTQ==", "+TrS27bZKgEeir9pISurnQ==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "3UNcgW64Eji4iyY2ZDB1cg==", "IFUwSX5dX69QHRHfvOeQDg==", "d0nPfXoEZybRuV9TMDY3YQ==", "oqSc7q4k6wTno/u9knscCQ==", "vnI8VBZMnSK/Spr6qFIUOA==", "l6IrI73Pg+lrisEtcgX+0Q==", "6rEIsdyQtCC456AuGwgsDQ==", "YIlv6HIDfGqvZL/MDTWWpg==" ], "P5Om9zCJ/QZ+hnrEvj6fGw==": [ "APh1+6yq/mlF0fXLxUkIDw==", "ymKqobod4xPivmLT/iq9oQ==" ], "PIk2BBAWexCFofMi5q03RA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "S8p9UGak1oycptcpYp/1eg==": [ "d/522T+B/ARMNSG+3QfAWA==" ], "SjQtW3gQmgt+Qj8JlnY4Mg==": [ "bgJs7DKkcMwNTsh9yTDgQg==", "uu3d3lIlYVCZwOjqoNec3g==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "WtG8AvirpmNJ8wVE+fxfGQ==": [ "FLpBF1y0CvCfFuXOmlaRZw==", "8kndQj/aRn+NNJdGVP9v4g==", "F4WBuBnk4OQIl1a5Q4CVPg==", "u0cs09LPRVEEfen4PHM6gA==", "AwYRRq6SmgfJLn2NZxQUdw==", "RHShqbO2hqcBNPYbKDg/3A==", "qFIYjZJeFnLAVC7lR0n6oQ==", "DTApvRZh1HJD5XbbpU3ahw==", "8ZCpE1M7eqNdy615aO2gLQ==", "jiVVTQmOtKqVixv7agF/Hg==", "mYgwcPpa/l0bTZdysqbplg==" ], "XJlS+gwEt7T+nNr/Bflqzg==": [ "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "uWz4SaM79VpO4EPAy+0C8g==", "MT27FBW6q+x91HBvTyGVKQ==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==" ], "XMkvB1ljVS0bNTUu2UEs3g==": [ "XPUXyp+BOEJyEGOgXafi8Q==" ], "ZabCZVOpeuHGnRiGdzqBig==": [ "L1pkWyFlg006sdV2pKTg4A==", "Wt2cDYMEpulwA9twmA26Tg==" ], "ayTA+mXRKgSCRl5LaqP4/w==": [ "JqWXvYyB4T300h7KRcWtFA==", "klH60uFrR0WkawaSlcOEKg==", "NrTzMmbWyM5UeSvnQVNLOg==", "svCt47J2Zwa45xj8gn3U/w==", "PrCrIesi0sSvMQjPpvxecw==", "VYGbkY0i6P3tRJd9mM1wNg==", "Qbjoqw6Ot3cGOKNyQYBo4g==", "e0VfCD1REapdkagkByCnXQ==", "yzZzF1vLZmeTiLJMgY7W0Q==", "ixc06f0H9vqMfsbwQSwwvA==", "Eh3WlvVSpgyvj1kaA5So7g==" ], "eK3V3oi6vbIfOQRAcWBYDw==": [ "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "uWz4SaM79VpO4EPAy+0C8g==", "MT27FBW6q+x91HBvTyGVKQ==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==" ], "iVtx1BX52G3zRfk+g/oWIg==": [ "78ARTcr/iVbEbtXWNEyadA==", "7eKrcl3YwGJqhWmZNbH7Eg==", "WP0Zjo/ORuC7+jbSIrru8A==", "429KD7e1Cl6AyUZNBGOTQw==", "Argl342WI7oZtgSo+p9kMA==", "OB9n4NdBrq+3wlcM9+90Dg==", "fFM0zIKtKuexRqlZMkzQpg==", "JK4fCJz1Ja5lmfE/vF5PcQ==", "u90uEyQ6vxfKeIQvjGNTHQ==", "Q6o565VsHFcmyuOW6jCOGw==", "3bb0a18NQSPWO0aeq9twVw==", "KCgZ2MK707GRfjAO2Q3SOA==", "ncqqUTuMttuUZ8SF9/Ywrg==", "D7U85Qc3CYAscEzhSfT76A==", "e/EuZlSZUQTHCSl8kHuFag==", "ixD2h349uZz3eCy55KxIlw==", "yUucg71orzE08FiDgaKBPQ==", "j/vFtwZCr4ow5q2VPKgR9g==", "GWKQvGJTKzyU9GiQECoFhg==", "bjyLMZdYnkrpUxDySiQ34Q==", "5amguv6OT1njd8r+RXMCQQ==", "Jrkns8qeStFRPhcitcuZ4w==", "y7I268PAr74OoToX85XE8w==", "4u3exWl+MPcCOYOgbQLM+A==", "+U7CyAHaY71mhNm2Xnq2uw==", "/jvSCV2RwJ6c/Llx9z8uvA==", "6hAQW3vY9ZA/8datv1rY4g==", "0E1VjQWdmolR9lr9ElIZZQ==", "mZCCwO//htsOIXazj/SeOw==", "YtNpM5pykErH+UBXZABWdg==", "M293c+QguJ/aaYP3cMwfyQ==", "Ie7rkr8oApZOM9PK2gFB6A==", "2TDjlt2gAEWsLyBBPigFYw==", "TwoNniaY2Urt7TF64epJXg==", "5BksN0izCeDRrtFMsNCyvg==" ], "izPQpATHYfezyT+kcua/tQ==": [ "XdzUGUJMTsfPfs79OXKU4Q==", "1/8/Mjb4nleg0SsOivHAww==", "66LeUA2b+ILx/Qsv0eSJ5w==", "vljECkHLXvnkFYEiPVK0gQ==", "ae3lHA7MmabWs4AIbhandQ==", "f6oGdnhZomBa/bs3snB3kA==", "y/3qWQj3xOUQpm2CUr+ftg==" ], "kAEPeyZOK/FwFoG6mOFUbQ==": [ "72HhoIyfPMwkQyR2IF7qqw==", "DXoWfwXPN9ZCvCU/obObKQ==" ], "lad8JH31WlI0MsNEYhUWlA==": [ "Iy2V+5RC7ENxxmnS9KdBOw==", "SYSyRuW2vXdWcXLSfRP1aQ==", "1hhG+RKT0fsxlS/Wf/LWEA==", "59oEBlU3jh6EL6gtZDUaug==", "icr9XD5DN3YDWvP3naYL+g==", "uWz4SaM79VpO4EPAy+0C8g==", "MT27FBW6q+x91HBvTyGVKQ==", "9bjl4H6CMWLL3h1g5y6i9Q==", "ija3h8P09PxwjEuLSUS2HA==", "IrRjtVOpf04EO7iAKFAznQ==", "sJNoOKrtqJYf9M2tWcTlqg==", "+UOyQgpOAnrWS+mVMK5k1Q==" ], "mDM1q1sl0PqUWEn54kTSRw==": [ "N7otM4CJgwQwy0Mz0UA3Vw==", "Lhc4n2a9ma6eRDB/RCRmLQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "8MfvwX+dRI6Qt2H+x71rZg==", "X4Ym25zfqcH7/samBN+yPw==", "H1wshPoazj8pmzsnWAztZA==", "a9FllBAJiFi5FeYl0KG4aQ==", "X7DmUVoCri5i6vdYVBBgXg==", "smB1yCGhBb8gDhPAER7odg==", "zqGJegkbTlVqcHBa6HtRTQ==", "+TrS27bZKgEeir9pISurnQ==", "FQwXyPZ+oHyxQZ9RBQXbpw==", "3UNcgW64Eji4iyY2ZDB1cg==", "IFUwSX5dX69QHRHfvOeQDg==", "d0nPfXoEZybRuV9TMDY3YQ==", "oqSc7q4k6wTno/u9knscCQ==", "vnI8VBZMnSK/Spr6qFIUOA==", "l6IrI73Pg+lrisEtcgX+0Q==", "6rEIsdyQtCC456AuGwgsDQ==", "YIlv6HIDfGqvZL/MDTWWpg==" ], "nzQEyt4JfkGeZIIHPiBhog==": [ "zmNQpHydwXFAJmLcFFYiyQ==", "bOC69k4Gpn8Av1w/ra2Tdw==", "e0/Fzu8wfMZp9zX32i9rMQ==" ], "nzlusFbkan5h1d1Ks+BKBQ==": [ "tbhLz74i3ShwS72WbIsoOA==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "v3i4ez5juML2ZWwR+6dFFg==": [ "PUCpgzV2LGcCb5yPJbawGw==", "AUiFITCnRjRxctzqqbDeeA==", "iF/o4aDbQf1DAw7R+LiVQw==", "9iigvnuYDaC8UzcOIDLjIQ==", "GAn7gWUe2pFr7PbwechqxA==", "76z9Mpn8Jp7lhZSPsHTHug==" ], "wfJGCqOH8d+IYg/dAepx1A==": [ "eUh0vSDVmqXTnsB7jL0b4g==", "vtpIIEEoAREfzDi0+K26Fg==", "znnZtQrOfSxqGV/OZKzI5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "uaetuJImncB6wudykQLpEA==", "76mWuVYhbmIFsc4DNorK9A==", "lQBARBTddFvexevUD04GZA==", "Ez8lHT2uV9Tf9vJC/T4WXg==", "Kqq2xlybjD/tOLmQWu2xPw==", "VWEbeFnFOHy1IkG21b5a5g==", "sykv+pGN4TXggZNIwL/H4g==", "mJw+LvAbCoVMIOZXCXNFpg==", "LxYgcRll4fEnbCHHZWt4BA==", "YX2rGofSXHBcNhTOGpNkAA==", "KMGV9rbVZ/vVUNSX6f+JqA==" ] }, "enrichments": {} } pod: gl-multi-component-parent-gykg-on-push-jmttl-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: gl-multi-component-parent-gykg-on-push-jmttl-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libnghttp2-1.43.0-6.el9 (CVE-2026-27135), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15467), sqlite-libs-3.34.1-8.el9_6 (CVE-2025-6965), gnupg2-2.3.3-4.el9 (CVE-2025-68973), libcap-2.48-9.el9_2 (CVE-2026-4878), libarchive-3.5.3-6.el9_6 (CVE-2026-4111, CVE-2026-4424)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 7 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: krb5-libs-1.21.1-8.el9_6 (CVE-2026-40356), gnutls-3.8.3-6.el9_6.2 (CVE-2026-33845)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: glib2-2.68.4-16.el9_6.2 (CVE-2025-13601), libmount-2.37.4-21.el9 (CVE-2025-14104), libuuid-2.37.4-21.el9 (CVE-2025-14104), libsmartcols-2.37.4-21.el9 (CVE-2025-14104), systemd-libs-252-51.el9_6.2 (CVE-2025-4598, CVE-2026-29111), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), gnutls-3.8.3-6.el9_6.2 (CVE-2025-14831), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-11187, CVE-2025-69419, CVE-2025-9230), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-9086), libxml2-2.9.13-12.el9_6 (CVE-2025-9714), libblkid-2.37.4-21.el9 (CVE-2025-14104), glibc-2.34-168.el9_6.23 (CVE-2026-0915), libarchive-3.5.3-6.el9_6 (CVE-2026-5121)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 16 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), coreutils-single-8.32-39.el9 (CVE-2025-5278), glib2-2.68.4-16.el9_6.2 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), libmount-2.37.4-21.el9 (CVE-2026-27456), libuuid-2.37.4-21.el9 (CVE-2026-27456), libsmartcols-2.37.4-21.el9 (CVE-2026-27456), systemd-libs-252-51.el9_6.2 (CVE-2026-4105), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), krb5-libs-1.21.1-8.el9_6 (CVE-2026-40355), gnutls-3.8.3-6.el9_6.2 (CVE-2026-3833), openssl-fips-provider-so-3.0.7-6.el9_5 (CVE-2026-31790), glibc-common-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), openssl-fips-provider-3.0.7-6.el9_5 (CVE-2026-31790), libgcrypt-1.10.0-11.el9 (CVE-2026-41989), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2026-28390, CVE-2026-31790), xz-libs-5.2.5-8.el9_0 (CVE-2026-34743), curl-minimal-7.76.1-31.el9_6.1 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), libxml2-2.9.13-12.el9_6 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), libblkid-2.37.4-21.el9 (CVE-2026-27456), glibc-2.34-168.el9_6.23 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), gnupg2-2.3.3-4.el9 (CVE-2025-68972), openldap-2.6.8-4.el9 (CVE-2026-22185), libarchive-3.5.3-6.el9_6 (CVE-2023-30571, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 64 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.8.3-6.el9_6.2 (CVE-2025-9820), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796), glibc-2.34-168.el9_6.23 (CVE-2025-15281, CVE-2026-0861), shadow-utils-2:4.9-12.el9 (CVE-2024-56433)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 13 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-minimal-langpack-2.34-168.el9_6.23 (CVE-2026-4438), ncurses-base-6.2-10.20210508.el9_6.2 (CVE-2023-50495), glib2-2.68.4-16.el9_6.2 (CVE-2023-32636, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), pcre2-syntax-10.40-6.el9 (CVE-2022-41409), zlib-1.2.11-40.el9 (CVE-2026-27171), libcurl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), gnutls-3.8.3-6.el9_6.2 (CVE-2026-3832), openssl-fips-provider-so-3.0.7-6.el9_5 (CVE-2026-2673), glibc-common-2.34-168.el9_6.23 (CVE-2026-4438), openssl-fips-provider-3.0.7-6.el9_5 (CVE-2026-2673), libgcrypt-1.10.0-11.el9 (CVE-2026-41990), openssl-libs-1:3.2.2-6.el9_5.1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), pcre2-10.40-6.el9 (CVE-2022-41409), libtasn1-4.16.0-9.el9 (CVE-2025-13151), curl-minimal-7.76.1-31.el9_6.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, CVE-2025-14524, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), libstdc++-11.5.0-5.el9_5 (CVE-2022-27943), libxml2-2.9.13-12.el9_6 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), sqlite-libs-3.34.1-8.el9_6 (CVE-2024-0232, CVE-2025-70873), glibc-2.34-168.el9_6.23 (CVE-2026-4438), gnupg2-2.3.3-4.el9 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), libgcc-11.5.0-5.el9_5 (CVE-2022-27943), gawk-5.1.0-6.el9 (CVE-2023-4156), libarchive-3.5.3-6.el9_6 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), ncurses-libs-6.2-10.20210508.el9_6.2 (CVE-2023-50495)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 58 } } ] } ] {"vulnerabilities":{"critical":0,"high":7,"medium":16,"low":13,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":2,"medium":64,"low":58,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg:4aa53ce53e73e603445898a92dec892838c175ee", "digests": ["sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4"]}} {"result":"SUCCESS","timestamp":"2026-05-07T17:35:33+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gl-multi-component-parent-gykg-on-push-jmttl-clamav-scan-pod | init container: prepare 2026/05/07 17:33:17 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-push-jmttl-clamav-scan-pod | init container: place-scripts 2026/05/07 17:33:18 Decoded script /tekton/scripts/script-0-t9cdz 2026/05/07 17:33:18 Decoded script /tekton/scripts/script-1-m4t7h pod: gl-multi-component-parent-gykg-on-push-jmttl-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 1.728 sec (0 m 1 s) Start Date: 2026:05:07 17:34:40 End Date: 2026:05:07 17:34:42 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27993/Wed May 6 06:24:57 2026 Database version: 27993 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778175282","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778175282","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778175282","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg:4aa53ce53e73e603445898a92dec892838c175ee", "digests": ["sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4"]}} pod: gl-multi-component-parent-gykg-on-push-jmttl-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg Attaching to quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg:4aa53ce53e73e603445898a92dec892838c175ee Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg:4aa53ce53e73e603445898a92dec892838c175ee@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading bf353a202110 clamscan-ec-test-amd64.json Uploading 659d3fb67862 clamscan-result-amd64.log Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded bf353a202110 clamscan-ec-test-amd64.json Uploaded 659d3fb67862 clamscan-result-amd64.log Uploading 65806b76dbc1 application/vnd.oci.image.manifest.v1+json Uploaded 65806b76dbc1 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-uftp/gl-multi-component-parent-gykg:4aa53ce53e73e603445898a92dec892838c175ee@sha256:d996f5da434428d98ce8b12f29b23ddbf678f0c4bb2c0e72b7961dfb55c12ec4 Digest: sha256:65806b76dbc171a4a12813e6573d7f36d1e3edf50c95be3340e05ad76a728a9e pod: gl-multi-component-parent-gykg-on-push-jmttl-init-pod | init container: prepare 2026/05/07 17:26:06 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-push-jmttl-init-pod | container step-init: time="2026-05-07T17:26:09Z" level=info msg="[param] enable: false" time="2026-05-07T17:26:09Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T17:26:09Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T17:26:09Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T17:26:09Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T17:26:09Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T17:26:09Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T17:26:09Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T17:26:09Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 found after retrigger for component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 found for Component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-zbvm6 reason: CouldntGetTask attempt 2/3: PipelineRun "gl-multi-component-parent-gykg-on-push-zbvm6" failed: pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | init container: prepare 2026/05/07 17:16:25 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | container step-init: time="2026-05-07T17:16:30Z" level=info msg="[param] enable: false" time="2026-05-07T17:16:30Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T17:16:30Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T17:16:30Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T17:16:30Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T17:16:30Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T17:16:30Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T17:16:30Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T17:16:30Z" level=info msg="[result] NO PROXY: " New PipelineRun gl-multi-component-parent-gykg-on-push-m74vj found after retrigger for component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun gl-multi-component-parent-gykg-on-push-m74vj found for Component build-e2e-uftp/gl-multi-component-parent-gykg PipelineRun gl-multi-component-parent-gykg-on-push-m74vj reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-m74vj reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-m74vj reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-m74vj reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-m74vj reason: ResolvingTaskRef PipelineRun gl-multi-component-parent-gykg-on-push-m74vj reason: CouldntGetTask attempt 3/3: PipelineRun "gl-multi-component-parent-gykg-on-push-m74vj" failed: pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | init container: prepare 2026/05/07 17:16:25 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | container step-init: time="2026-05-07T17:16:30Z" level=info msg="[param] enable: false" time="2026-05-07T17:16:30Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T17:16:30Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T17:16:30Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T17:16:30Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T17:16:30Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T17:16:30Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T17:16:30Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T17:16:30Z" level=info msg="[result] NO PROXY: " [FAILED] in [It] - /workspace/source/e2e-tests/tests/renovate.go:403 @ 05/07/26 17:39:59.129 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc000924050>: pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | init container: prepare 2026/05/07 17:16:25 Entrypoint initialization pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | container step-init: time="2026-05-07T17:16:30Z" level=info msg="[param] enable: false" time="2026-05-07T17:16:30Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T17:16:30Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T17:16:30Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T17:16:30Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T17:16:30Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T17:16:30Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T17:16:30Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T17:16:30Z" level=info msg="[result] NO PROXY: " { s: "\n pod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | init container: prepare\n2026/05/07 17:16:25 Entrypoint initialization\n\npod: gl-multi-component-parent-gykg-on-pull-request-2rvdd-init-pod | container step-init: \ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"Cache proxy is disabled via param\"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-05-07T17:16:30Z\" level=info msg=\"[result] NO PROXY: \"\n", } In [It] at: /workspace/source/e2e-tests/tests/renovate.go:403 @ 05/07/26 17:39:59.129 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] should lead to a nudge PR creation for child component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:412 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/e2e-tests/tests/renovate.go:412 @ 05/07/26 17:40:05.956 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] merging the PR should be successful for child component [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:429 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/e2e-tests/tests/renovate.go:429 @ 05/07/26 17:40:05.956 ------------------------------ S [SKIPPED] [0.000 seconds] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] Verify the nudge updated the contents [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:440 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /workspace/source/e2e-tests/tests/renovate.go:440 @ 05/07/26 17:40:05.957 ------------------------------ [ReportAfterSuite] PASSED [1580.108 seconds] [ReportAfterSuite] Autogenerated ReportAfterSuite for --junit-report autogenerated by Ginkgo ------------------------------ Summarizing 1 Failure: [FAIL] [build-service-suite Build service E2E tests] test git provider gl component update with renovate when components are created in same namespace [It] PAC PipelineRun for parent component is successful [build-service, renovate, multi-component, gitlab] /workspace/source/e2e-tests/tests/renovate.go:403 Ran 40 of 157 Specs in 1580.068 seconds FAIL! -- 39 Passed | 1 Failed | 7 Pending | 110 Skipped Ginkgo ran 1 suite in 30m5.277308803s Test Suite Failed